One of the talks scheduled for Black Hat USA next week is by researcher Chema Alonso, who will demonstrate the ease with which he created JavaScript botnets and used them to turn the table on the bad guys. In a phone conversation this afternoon, Alonso offered a preview. “In this talk I’ll describe how easily a JavaScript botnet can be constructed, what the risks are and what kinds of people are using these kinds of services,” Alonso said. In a whitepaper he forwarded me after our talk, a lot of effort is spent reassuring those who might worry about the nature of the research: “Our proof-of-concept work is completely passive, there is no intention to control the lives of anyone, but to study the risks of certain services that have become too popular, such as anonymous proxies and TOR networks.” In the end, he said, all the intelligence gathered was turned over to Spanish authorities. The goal, he said, was to use the bad guys’ own tricks against them and in the process collect intelligence on what they’re up to. When someone connected to one of the rogue proxy servers he created, they were infected with JavaScript that allowed him to monitor their activities. The whitepaper goes into detail about the types of schemes the bad guys were working on: –One proxy service user was a man allegedly selling Visa cards to people with IP addresses from India. “To do that, he was making an intense campaign of spam with an e-mail message requesting payment for Western Union. Of course, some recipients of the messages were quite sckeptical and their responses were very negative, but we could see how some people paid and sent all data to obtain a Visa that would never come.” –Another scam artist kept fake profiles of women in different social networks to use against friends and family of those impersonated. In each, the location, name and age of women were different. The German scammer tried getting people to send him money through Western Union to fund trips to where the women live for a night of “mad, wild, nasty love.” The culprit organized conversations and stored them. He sought money in exchange for naked photos as well. In next week’s talk, Alonso said he’ll repeat the warnings he made at the end of the paper — that TOR networks and proxy systems are bad news and should be avoided at all costs. “TOR networks and proxy systems represent man-in-the-middle schemes in which you must trust to use them,” Alonso said. “Putting a malicious server on the Internet is too easy and is typically used, in a massive way, by people with the worst of the intentions. So if you use any of these facilities, get ready to be attacked.” Related content news Gwinnett Medical Center investigating possible data breach After being contacted by Salted Hash, Gwinnett Medical Center has confirmed they're investigating a security incident By Steve Ragan Oct 02, 2018 6 mins Regulation Data Breach Hacking news Facebook: 30 million accounts impacted by security flaw (updated) In a blog post, Facebook’s VP of product management Guy Rosen said the attackers exploited a flaw in the website's 'View As' function By Steve Ragan Sep 28, 2018 4 mins Data Breach Security news Scammers pose as CNN's Wolf Blitzer, target security professionals Did they really think this would work? By Steve Ragan Sep 04, 2018 2 mins Phishing Social Engineering Security news Congress pushes MITRE to fix CVE program, suggests regular reviews and stable funding After a year of investigation into the Common Vulnerabilities and Exposures (CVE) program, the Energy and Commerce Committee has some suggestions as to how it can be improved By Steve Ragan Aug 27, 2018 3 mins Vulnerabilities Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe