Rise of targeted cyber blackmailing

Dear customers, visitors and users,

In recent months and years we have noticed a rise in the blackmailing of individuals and companies over the internet. Recently one of our customers was affected by such an attempt, and we helped him resolve it.

We have seen plenty of false claims over the years; this is nothing new. The trojan horse that tells you it has found illegal software on your computer is a good example. Unfortunately, many people use unlicensed or cracked software, which makes them easy targets for this kind of blackmail and malware.

From the fake police trojans, the ransomware threat evolved into really nasty encryption malware. It encrypts your data with a key held by the ransomware operator, who then demands payment to decrypt it.

However, as this threat has become well known, its effectiveness has dropped. Most companies and individuals now run proper backup systems, keep their antivirus up to date and employ other protective measures that make ransomware attacks unsuccessful. This reduces the return on investment for cyber-criminals, so they look for new ways to make money.

And this is where our customer's story starts. He was contacted by an unknown, anonymous third party claiming that his licensing system (provided by us) had been broken. This so-called "hacker" (we hesitate to use "hacker" without the quotes, because no real technical skill was demonstrated during this incident) threatened our customer with claims that our licensing was insecure.

This "hacker" took one of the older versions of TLL (two years old at the time of writing), opened our DLL in .NET Reflector, and sent our client a screenshot of the decompiled "source code" along with the claim that he could crack the application. Decompiling a .NET assembly is trivial and proves nothing by itself; any unobfuscated .NET DLL opens in a decompiler, and seeing the code is not the same as being able to bypass it.

Because we mostly provide specialized software and components to other engineers with advanced knowledge, our customer was suspicious and rejected the claim. In reply, the "hacker" sent our client a RAR package containing an old version of Treek's Licensing Library that had accidentally been released without a digital signature (this version was available on our website for a relatively short period two years ago). He did not claim that it was an old, possibly insecure version; he claimed it was a cracked version. It simply was not. Had this DLL been loaded, licensing would have worked as usual: nothing was cracked and nothing had been changed by the so-called "hacker".

Whatever the claim, never open such archives on your everyday device. We examined everything in a virtualized environment!

But that was enough to frighten our customer. We confirmed that our licensing is still secure and made the small improvements on our side that he asked for. The reality is that, yes, TreeksLicensingLibrary2.dll can in theory be modified, but most programs will simply refuse to load an altered DLL. A signature on the DLL alone is not a guarantee of this: the .NET Framework does not validate strong-name signatures on fully trusted assemblies, so the check has to live in the application itself. That is why we always publish checksums of our DLLs, so any developer can add their own integrity check before loading the library.

It means that even if an altered/cracked version of TreeksLicensingLibrary2.dll were created (which has not happened yet!), it would not compromise our customers' applications. Each individual application must also be modified before it will accept the altered DLL. Cracking the TLL code therefore gives a cyber-criminal no advantage: it is easier to crack each application directly than to crack TLL and the client's application on top of it. Very simple, but very effective logic.
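Here is what such an application-side integrity check looks like, as an added example that is not code from TLL or from Jan Drozd software: the application pins the vendor-published SHA-256 of the DLL and refuses to load anything that does not match. It is written in Go to keep it runnable and language-neutral; the stand-in DLL bytes are constructed for the example, and `LoadLibrary` is a hypothetical placeholder for the real loading step (Assembly.Load in .NET).

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
)

// Checksum returns the lowercase hex SHA-256 of a file image. The vendor runs this
// over the released DLL and publishes the result; the application author copies
// that value into the program as a constant.
func Checksum(image []byte) string {
	sum := sha256.Sum256(image)
	return hex.EncodeToString(sum[:])
}

// VerifyLibrary compares the image that is about to be loaded with the pinned
// checksum. The comparison is constant-time so the check itself does not leak
// which byte of the digest differs. Any mismatch, including a malformed pin,
// yields false.
func VerifyLibrary(image []byte, pinnedHex string) bool {
	want, err := hex.DecodeString(pinnedHex)
	if err != nil || len(want) != sha256.Size {
		return false
	}
	got := sha256.Sum256(image)
	return subtle.ConstantTimeCompare(got[:], want) == 1
}

// LoadLibrary is a hypothetical stand-in for the real loading step: it refuses to
// proceed unless the integrity check passes.
func LoadLibrary(image []byte, pinnedHex string) error {
	if !VerifyLibrary(image, pinnedHex) {
		return fmt.Errorf("licensing library checksum mismatch; refusing to load")
	}
	return nil
}

func main() {
	// Constructed stand-in for the released DLL bytes. In a real build the pin is a
	// literal copied from the vendor's published checksum, not computed at run time.
	released := []byte("MZ\x90\x00 constructed stand-in for TreeksLicensingLibrary2.dll")
	pin := Checksum(released)

	// A "cracked" copy that differs by a single byte anywhere in the file.
	cracked := append([]byte(nil), released...)
	cracked[len(cracked)-1] ^= 0x01

	fmt.Println("released loads:", LoadLibrary(released, pin) == nil) // true
	fmt.Println("cracked loads: ", LoadLibrary(cracked, pin) == nil)  // false
}
```

The pin must be compiled into the application (or otherwise protected), not read from a file next to the DLL; an attacker who can replace the DLL can replace a sidecar checksum file just as easily.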

Another important fact about TLL is that knowing its source code does not let you generate licenses for every protected app. With TLL you can generate licenses only for apps whose cryptographic key you hold. Without the key you cannot generate licenses for that app, even with TLL's full source code in front of you.

In fact, we already sell our source code; it can be purchased through our website, and you can buy it too. That has not led (and will not lead) to any security breach. Many products rely on "security through obscurity", but Treek's Licensing Library is not one of them: its security rests on the key, not on the secrecy of the code.
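The key-versus-source argument of the two paragraphs above, as an added illustration in Go rather than TLL's own code: licenses are signed with a private key that only the vendor holds, and the application embeds nothing but the public key, so an attacker who reads every line of the verification code still cannot produce a license that passes it. TLL's actual scheme is not described on this page; the Ed25519 signature, the `License` fields and the fixed key seeds are assumptions made for this example.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"fmt"
)

// License is the payload the vendor signs. Field names are assumptions for this
// example; TLL's real license format is not shown on the page.
type License struct {
	AppID    string `json:"app_id"`
	Customer string `json:"customer"`
	Expires  string `json:"expires"` // ISO date, compared as a string
}

// IssueLicense is the vendor-side step and the only place the private key is used.
func IssueLicense(priv ed25519.PrivateKey, lic License) (payload, sig []byte, err error) {
	payload, err = json.Marshal(lic)
	if err != nil {
		return nil, nil, err
	}
	return payload, ed25519.Sign(priv, payload), nil
}

// CheckLicense is what ships inside the protected application. It embeds only the
// public key, so reading this code (or the library's source) reveals nothing that
// lets anyone produce a valid signature.
func CheckLicense(pub ed25519.PublicKey, payload, sig []byte, wantApp, today string) bool {
	if !ed25519.Verify(pub, payload, sig) {
		return false // wrong signing key or payload edited after signing
	}
	var lic License
	if err := json.Unmarshal(payload, &lic); err != nil {
		return false
	}
	return lic.AppID == wantApp && lic.Expires >= today
}

// keyFromSeed derives a deterministic key pair so the example is reproducible.
// A real vendor generates the seed with crypto/rand and keeps it offline.
func keyFromSeed(label byte) (ed25519.PublicKey, ed25519.PrivateKey) {
	seed := make([]byte, ed25519.SeedSize)
	for i := range seed {
		seed[i] = label
	}
	priv := ed25519.NewKeyFromSeed(seed)
	return priv.Public().(ed25519.PublicKey), priv
}

// Demo plays out three scenarios: a genuine license, an attacker who has the full
// source and signs with a key of their own, and a genuine license whose payload was
// edited after signing. Only the first is accepted.
func Demo() (genuine, forgedKey, tampered bool) {
	vendorPub, vendorPriv := keyFromSeed(0x11)
	_, attackerPriv := keyFromSeed(0x22)
	today := "2024-06-01"
	lic := License{AppID: "example-app", Customer: "ACME", Expires: "2025-01-01"}

	payload, sig, _ := IssueLicense(vendorPriv, lic)
	genuine = CheckLicense(vendorPub, payload, sig, "example-app", today)

	// The attacker knows the exact format and algorithm but not vendorPriv.
	p2, s2, _ := IssueLicense(attackerPriv, lic)
	forgedKey = CheckLicense(vendorPub, p2, s2, "example-app", today)

	// The attacker extends a real license's expiry; the old signature no longer matches.
	lic.Expires = "2099-01-01"
	edited, _ := json.Marshal(lic)
	tampered = CheckLicense(vendorPub, edited, sig, "example-app", today)
	return
}

func main() {
	g, f, t := Demo()
	fmt.Printf("genuine=%v forged-key=%v tampered=%v\n", g, f, t) // true false false
}
```

What an attacker with the source can still do is patch the application so that `CheckLicense` is never called or its result ignored, which is exactly the per-application cracking effort the previous paragraphs describe; the library's source does not shortcut that work.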

The story above shows how blackmail attempts have become targeted. A year or two ago I received several emails claiming that I had been recorded by my webcam during an intimate moment, demanding a sum in BTC to keep the recording private. But those emails were mass-mailed, and a huge number of people received exactly the same text. Such threats are easily recognised as spam and belong in the junk folder.

Today the threats are targeted, and they are much harder to deal with. The criminals first study the target carefully, look for weaknesses, and use any they find. On top of that, fake information has become a phenomenon. Our so-called "hacker" carefully crafted false claims and backed them with internal details gathered by reverse-engineering our old binaries, to make sure our customer would be frightened.

At Jan Drozd software company we take security very seriously, and we will investigate and resolve every issue of this kind. We will always help our customers make their apps secure. However, Treek's Licensing Library is a licensing component, not an obfuscator or packer, so what it can do in that area is limited. We do, of course, protect our own DLLs with techniques such as obfuscation and code virtualization; we simply do not make the criminals' job easy. That is probably why they tried to scare our customer with fabricated information: writing one email is much easier than cracking Treek's Licensing Library.

Finally, I would like to add the following recommendations:

  • If you receive the same or similar false claims regarding TLL, please contact us with the details.
  • Do not answer the cyber-criminals and do not pay them any money. By communicating with them or paying, you only motivate them to commit more crimes.
  • Report any blackmail attempt to the police or another official authority!