Malaysia Airlines mystery giving rise to hacker attacks
Search engine inquiries on trending topics turning up suspicious pages
The story of the missing Malaysian Airlines plane has preoccupied people around the world for more than a month.
It also looks to have inspired online scammers who exploit people's interest in trending news topics to install malware on their computers, internet security experts say.
- LIVE BLOG: The search for Malaysia Airlines MH370
- Malaysia Airlines MH370: Deep-ocean vessels may join hunt
- Malaysia Airlines MH370: list of false hopes
Whether it's an international event such as the Olympics, an annual occasion such as tax season, or a breaking news story such as the Boston Marathon bombing, you can be sure criminal hackers are using it to snare victims, says Adnan Baykal, vice-president of security services at the Centre for Internet Security, a non-profit, U.S.-based organization.
"Whenever we see these events that get a lot of media attention, we see a spike in malware infections of computers," says Baykal.
It was about a week after Malaysian Airlines MH370 went missing that Baykal
started to notice related phishing scams, in which hackers masquerade as a legit site to try to trick someone into handing over personal information or money.
"But after that, it definitely ramped up," he says.
Riding the news wave
You might come across this type of scam on social media or through a spam email.
In the case of the MH370 story, the message might promise a new development in the search and ask you to click on a link for more details.
By clicking on the link, you are redirected to a legitimate-looking web page hosted on a malicious server that immediately installs some kind of nasty code on your computer.
That malware might be used to steal your personal information (including passwords), pop up on your screen at a later date to extort money, or enslave your machine to be part of a network of zombie computers (what's called a botnet) to engage in things like denial of service attacks on some corporation or other.
Google, which developed its Safe Browsing program to help identify malicious websites, has noticed that search-engine queries on trending topics often turn up a number of suspicious pages.
"Whenever something big happens – Lindsey Lohan's in jail again – you know that the top search that day is going to be Lindsey Lohan, and you know that a bunch of those sites that are going to crop up are going to be engineered to show up for that particular [web search] and in fact are distributing malware," says Fabrice Jaubert, a software developer with Google's anti-malware team in Montreal.
"They try to ride the wave."
Baykal says the biggest malware campaigns of late around trending topics include the Sochi Olympics, tax season and the car crash death of Fast and the Furious star Paul Walker late last year.
Variation on 'phishing'
Mark Nunnikhoven, vice-president of cloud and emerging technologies at global security firm Trend Micro, says current events scams have emerged only in the last couple of years and are actually a variation on old-fashioned phishing attacks, like the old "Nigerian prince" money scam, which proliferated largely through email.
There are also many smaller campaigns, where hackers might, for example, pose as your bank in order to solicit personal and financial information.
Jaubert at Google Canada says that as operating systems and web browsers have become more secure, hackers have increasingly turned to social engineering, such as trending topics scams, to find victims.
Given the widespread interest in hot web searches, hackers have a better chance of convincing their victims that the link they're providing is legitimate than if they had to concoct a story from scratch, Nunnikhoven says.
"The criminal underworld has really upped its game," he says. "The reason we've seen an increase in the trending topics [scams] is that it's a much easier way to bring people in."
In fact, hackers have become so sophisticated and nimble that within hours of the Boston Marathon bombing last year, the Centre for Internet Security had identified 100 new and malicious web domains pertaining to the attack, Baykal says.
- VIDEO: Boston Marathon bombing: 1 year later
- Boston Marathon bombings: Tsarnaevs' role raises more questions than answers
The event not only gave rise to sites promising information on the bombing, but web pages accepting donations for the victims and their families.
Tragedies such as bombings and natural disasters can lead to particularly successful phishing campaigns, Baykal says, because in a rush of sympathy and kindness, people don't necessarily take the time to scrutinize charity sites that spring up.
In the interests of protecting themselves, Nunnikhoven says web users should be more vigilant about what they're clicking on.
One simple rule, he says, is never to click on links in emails from people or organizations you don't know.
Even so, Baykal says the reason these scams have become so successful is because we as a culture have become too "click-happy."
"We all want to know the newest or latest information about a specific threat or specific event," says Baykal.
"The spread of information and the speed of information… and the curiosity and urgency of human beings, when that's combined, the end result is a lot of victims falling prey to these attacks, because they're not thinking."