Posted on August 8, 2019 at 6:53 AM
Meet “Warshipping,” the Data-Stealing Technique of the Moment
Hackers are continually trying to stay one step ahead of security software and any related practices. And they have succeeded to some degree. Now, they have added another technique to their already large bag of tricks: it is called warshipping, and while it isn’t necessarily new, the frequency with which it is applied has been increasing.
According to specialists in the matter, criminals are now using the warshipping technique as a way to take advantage of the act of delivering packages to infiltrate and attack corporate networks without being detected, and with no traces left behind.
E-commerce Boom is to Blame
According to IBM researchers, the practice of warshipping is performed thanks to e-commerce deliveries being so common and widespread nowadays, as they have effectively replaced regular, physical shops. People find it more comfortable to acquire goods and items from home, but hackers are now pouncing.
The warshipping practice is, therefore, originated by specialists’ research into potential ways to infiltrate some specific networks by sniffing deliveries into the corporate mail. Also, the front doors of individual people can also be exploited.
To perform warshipping, a small device is “planted” in a package at the moment of shipping it. The technology, in this case, is at the criminal’s service: the gadget is minuscule, and because of that, it is difficult to spot. It is a basic, single-board computer (SBC) that is managed from a remote location and is 3G compatible. A phone battery is enough to power it.
Warshipping is extremely dangerous because of the sheer volume of packages being sent every day: consider that in the United States alone, the US Postal Service processes and delivers nearly 500 million pieces of first-class mail on a daily basis, which equals to roughly a piece and a half for every person in the country.
Through warshipping, hackers and cybercriminals are looking to steal valuable information that may be confidential. And, if big corporations are included in the equation, the value of the stolen information goes considerably up. The term “warshipping” was used for the first time by IBM X-Force Red.
The Dangers of Receiving a Package
If a package is dropped on the front porch of an executive’s home, while being within the range of their home WiFi network, think about the possibilities for hackers. That is why it is crucial for people to develop basic, but important security skills to determine possible blind spots that may be exploited by these criminals.
The delivery person or mailman usually doesn’t even know about the fact that he is being used as an intermediary in a sensible operation for data theft or corporate setup infiltration.
The term warshipping is closely related, according to IBM, to wardialing and wardriving. The former refers to calling several numbers of an area to look for modem-connected networks, while the latter consists of driving and looking for these connections.
IBM explains that by making some clever adjustments, they morphed the SBCs into low-power devices that could, with the help of an IoT modem, be connected and exchange data while being enabled. The gadgets have the ability to crack WiFi networks, learn handshakes, sniff data packets, and more.