
Introducing the internet Black hole

For only a few hundred dollars you could be the happy owner of a simple, easy-to-use hacking toolkit – meet the Black hole.

A few months ago I wrote a series of articles about hacking kits, describing ready-made kits that make it possible to attack computers automatically, without any real experience or ability as a hacker.
These kits stood out thanks to their offensive capabilities. This time we meet the Black hole hacking kit, which combines the capabilities of every prominent hacking kit of recent years and adds a number of unique capabilities of its own.

The beta 1.0 version of the Black hole hacking kit was released in August 2010. Like most leading hacking kits, it is based on scripts written in PHP and uses a MySQL database. What distinguishes it from most of the kits reviewed is its encryption, which is based on IonCube open source commercial encryption and is very difficult to crack. The paying clients of those hacking kits were mainly script kiddies, but also some hackers who broke the code in order to use the kit’s breakthroughs combined with its ultra-strong encryption.
The strong encryption enabled the creators to abandon completely the usual pricing model of a one-time purchase plus paid updates, and made this the first kit to use a licensing system based on time-limited subscriptions (today most hacking kits use a subscription-based pricing model).
The kit, which was advertised as “testing system security networks”, came out with a large number of hacking options and protections against anti-virus software, some of which were not available in competing hacking kits, and it has become the most popular intrusion kit among online criminals, leading the other hacking kits by a considerable margin over the past two years.
In the following price list, published along with the beta release, you can see that three years ago the kit was offered as an annual subscription at a price higher than that of the other leading hacking kits available at the time.

In addition to its strong encryption, the kit has several other built-in protections against anti-virus software:

•    Various obfuscation techniques to disguise the code of scripts that attack vulnerabilities in Java, Adobe Flash, Adobe Reader and HTML.
•    These methods are also used to disguise the code when it is combined with spam or with attacks on browsers and operating systems.
•    The goal is to avoid detection and blocking by anti-virus software while still in the initial hacking phase.
•    A plugin that automatically tests new malware through the AV-Check website (a Virus Total-like site for hackers).
•    Like all the sites and forums that serve hackers, it cannot be found through the standard search engines, and you cannot log in without registering through Darknet forums.
•    The service allows users to create a set of new variants of the malware and its encryption, and to check immediately whether they are detected by anti-virus software before using them in practice.
•    A blacklist of security companies' addresses, updated with every automatic update of the kit, with the ability to import web address ranges, combined with a system through which users can share those addresses with each other.
•    Only one attack per IP address, in order to avoid the honeypots of anti-virus companies.

When a potential victim reaches the kit's page, through spam, a Facebook link or a hacked legitimate site, the kit runs a preliminary examination of the attacked computer, which provides useful information on:

•    The type of breach used to penetrate the computer
•    The operating system of the attacked computer
•    The country in which the attacked computer is located
•    The company that provides references to the attacked site
•    The browser through which the attack took place

All the statistical information, together with the percentage of successful attacks, is presented in a convenient and well-designed view, and you can even customize the interface with widgets that display the information of interest to the hacker.
The main window of the interface provides statistics on successful attacks against all types of popular browsers, attacks through Flash, Java, PDF and HTML, and all common operating systems.

It is important to remember that the hacking kit does not work only through dedicated websites that receive referrals from porn sites and file-sharing sites, but also through legitimate sites and even large, popular portals. Major sites usually track down links to hacking sites in a relatively short time, but the high traffic visiting those sites still allows an attacker to reach a large number of computers before being tracked down.
During the past two years there have been numerous cases in which major portals in the country were hacked and used to distribute malware, which of course did not reach the media for obvious reasons.
Therefore it is important to update your Flash Player, Java or PDF reader the moment a security update comes out, rather than leaving the update alerts on the taskbar unattended, as I usually see when I connect to infected computers…
Free or basic anti-virus products usually do not detect the initial hack, nor the malware implanted through it, so it is also important to use a full security package from one of the leading anti-virus vendors.