March 13, 2015

In recent forensic investigations for U.S. customers, we stumbled across a lot of non-proxied attacks from Latin American countries. Many people ask us why a lot of attackers don’t even bother to disguise their true source IP addresses. Well, there are a lot of different issues surrounding this.

  1. Weak IT legislation, no IT legislation at all, or governments and law enforcement unwilling to cooperate with certain countries. This is something that can’t be changed and won’t be changed easily. In certain countries you can buy pirated software, pirated music on 8 GiB USB sticks, and 100 GB hard drives full of the latest movies in “mercados”. Those countries of course don’t care about hacking activities or other illegal actions done online if they permit them offline.
  2. Completely incompetent Internet Service Providers who ignore all aspects of security, logging and so forth. We won’t mention countries or ISP names, but the issue is more than widespread. During one of our recent assignments we found that the complete peering routers of various ISPs had no access filter for remote access, and the username was set to admin and the password, guess what, admin123. We discovered that all main core and DSL access routers had the same local authentication of admin and admin123. Should a hacker uncover this, a city of 4 million people is pretty much offline.
  3. Wireless security is 95% non-existent. For example, in Mexico 50% of all private and business users have their access points either open or WEP encrypted. Those who use WPA leave it at the factory default, which is a numeric key of 8 – 12 digits. A rainbow table for this is standard equipment for any pentester. Then you have like 5% left where you may need to employ social engineering techniques.
  4. Location tracking and IP address assignment by ISPs. Another big problem. IP addresses are handed out in a widely uncoordinated manner, meaning that a person in city X will get an IP in city Y. Mobile apps particularly suffer from those assignment and tracking problems, making it really hard to track the actual location.
  5. Little to no IT security awareness amongst employees of ISPs and businesses. Whilst social engineering works well in developed countries like the U.S. or Europe, in Latin America even basic password rules are widely ignored. There is a strong understanding that physical security is important (gates, guards, cameras etc.), but IT equipment is left wide open.
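Points 2 and 3 describe failure modes a network operator can catch in a routine configuration review: remote-management lines with no access filter, local accounts still on a known default such as admin/admin123, and Wi-Fi networks left open, on WEP, or on a digits-only factory WPA key. The script below is an added example written for this post, not a tool from the original article; it reads a constructed, vendor-neutral configuration format (the `username`, `line`, `wlan`, `access-filter` and `passphrase` keywords are assumptions made up for the example, not any real vendor's syntax) and reports those three baseline gaps. The only default credential it knows is the one quoted in the post; a real audit would use a maintained default-credential list.

```python
import math

# Constructed sample configuration in a hypothetical, vendor-neutral syntax.
# Top-level lines open a stanza; indented lines belong to it.
SAMPLE_CONFIG = """\
hostname core-rtr-01
username admin password admin123
username noc password s0me-Long!Passphrase
line vty
 transport ssh
line vty-2
 transport ssh
 access-filter MGMT-ONLY
wlan guest
 security wpa2-psk
 passphrase 0123456789
wlan corp
 security wpa2-psk
 passphrase correct-horse-battery-staple-42
"""

# Known default credential from the post; a real audit uses a maintained list.
DEFAULT_CREDENTIALS = {("admin", "admin123")}


def parse_blocks(text):
    """Split the config into (header, [child lines]) stanzas."""
    blocks = []
    current = None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if raw.startswith(" "):
            if current is not None:
                current[1].append(raw.strip())
        else:
            current = (raw.strip(), [])
            blocks.append(current)
    return blocks


def is_factory_style_psk(passphrase):
    """Factory-default style described in the post: 8 to 12 digits, nothing else."""
    return passphrase.isdigit() and 8 <= len(passphrase) <= 12


def psk_keyspace_bits(passphrase):
    """Rough search-space size of a PSK, assuming the attacker knows its character class."""
    if passphrase.isdigit():
        charset = 10
    elif passphrase.isalnum():
        charset = 62
    else:
        charset = 95  # printable ASCII
    return len(passphrase) * math.log2(charset)


def audit_config(text):
    """Return a list of human-readable findings for the three baseline gaps."""
    findings = []
    for header, children in parse_blocks(text):
        parts = header.split()
        kind = parts[0]
        if kind == "username" and len(parts) >= 4 and parts[2] == "password":
            if (parts[1], parts[3]) in DEFAULT_CREDENTIALS:
                findings.append(f"default credential on local account: {parts[1]}")
        elif kind == "line":
            # Remote-management line without any source restriction.
            if not any(c.startswith("access-filter") for c in children):
                findings.append(f"remote access without access filter: {header}")
        elif kind == "wlan":
            security = next((c.split()[1] for c in children if c.startswith("security")), "open")
            passphrase = next((c.split(None, 1)[1] for c in children if c.startswith("passphrase")), "")
            if security in ("open", "wep"):
                findings.append(f"wlan {parts[1]}: insecure mode {security}")
            elif security.endswith("psk") and is_factory_style_psk(passphrase):
                bits = psk_keyspace_bits(passphrase)
                findings.append(f"wlan {parts[1]}: factory-style numeric PSK (~{bits:.0f} bits)")
    return findings


if __name__ == "__main__":
    for finding in audit_config(SAMPLE_CONFIG):
        print(finding)
```

Run against the sample, the audit flags the admin account, the unfiltered `line vty` stanza and the guest network's ten-digit key (roughly 33 bits of search space, which is why a precomputed table covers it), while `line vty-2` and the `corp` network pass.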

The list goes on and on, and with those deficits in IT security across entire national infrastructures, hackers and people with malicious intent face no obstacles in doing what they do. The missing legislation in many countries, along with the non-enforcement of the little legislation in place, certainly assists hackers in their activities.