False Frontiers: Spoofing Saga

The Hackers Meetup
Mar 20, 2024

What is Spoofing??

In English, spoofing means satirical imitation. In the context of network security or information security, a spoofing attack is a case where a hacker, fraudster, or network spoofer falsely assumes someone's identity and gains an illegitimate advantage from it.

How does Spoofing work??

A spoofing attack has two parts: the first is the spoof itself, such as a fake email, website, or call. The second is the social engineering aspect, which provokes victims to take action and lures them into the trap. For example, spoofers may send an email that appears to be genuine and to come from a senior or a co-worker, asking for some money online and providing that looks very convincing. They often know what strings to pull to manipulate a victim into taking the desired action without raising suspicion.

A successful spoofing attack can have serious consequences, such as theft of personal or company information, data breaches, stolen credentials used for further attacks, the spread of malware, and unauthorized network access. For businesses, spoofing attacks can sometimes lead to ransomware attacks or damaging and costly data breaches.

Now there are so many types of spoofing you could not even imagine!! Let’s see them one by one:

Types:

1. Email Spoofing: The sender's source (the From: field) can easily be forged in emails. This is commonly used by spammers to hide the origin of the email. It can be easily done using any mail server with telnet.
Why is Email spoofing used?

2. Domain Name Spoofing: As the name suggests, domain spoofing is designed to trick unsuspecting users into visiting a fraudulent website or a site other than the intended one. It is a part of a phishing attack.

3. Referrer Spoofing: Some paid websites, especially those offering educational materials, pornographic content, etc., allow access to their materials only if we pay through certain approved login pages. This is done by checking the Referer header of the HTTP request. However, that header can be changed, allowing users to gain unauthorized access to the materials. Its major example is using cracked versions of apps like Canva or Spotify.

4. TCP/IP Spoofing, ARP Spoofing: Many protocols in the TCP/IP suite do not provide authentication of the source or destination of a message, leaving them open to spoofing attacks when applications take no precautions to verify the identity of the sending or receiving host. IP and ARP spoofing may lead to man-in-the-middle attacks against hosts in a network.

5. Geolocation Spoofing: This is when a user applies a technology to make a device appear to be somewhere other than where it is located. It is mostly achieved with a Virtual Private Network (VPN) or DNS proxy server that makes the user appear to be in a different country, state, or territory from where they are actually located, or that doesn't show the location at all.

6. Caller ID Spoofing: When you make a call, the telephone network often provides caller ID information, which is a number and sometimes a name. But with technologies like VoIP, that information can be forged to present false names and numbers. Gateways between networks that allow such spoofing then forward that false information.

7. GNSS Spoofing: A global navigation satellite system (GNSS) spoofing attack misleads a GNSS receiver by transmitting fake signals that look like normal GNSS signals, or by retransmitting the original signals captured somewhere else at a different time. These spoofed signals are modified to lead the receiver somewhere other than where it actually has to reach. One common form of a GNSS spoofing attack is a carry-off attack. It first transmits signals in sync with the genuine signals to the receiver. The power of the counterfeit signals is then gradually increased and drawn away from the genuine signals.

All GNSS systems, such as the US’s GPS, Russia’s GLONASS, China’s BeiDou, and Europe’s Galileo constellation, are vulnerable to this technique.
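Returning to item 3: the Referer header is written by the client, so it cannot gate paid content. The following is an added example, not code from the original post, that puts a Referer-based check beside a check on a server-signed, expiring session cookie; the secret, the login URL and the function names are hypothetical.

```python
import hashlib
import hmac
import time
from http.cookies import SimpleCookie

SECRET = b"constructed-demo-key"                    # assumption: server-side secret
LOGIN_PAGE = "https://members.example.test/login"   # hypothetical approved login page


def allow_by_referer(headers):
    """Weak check: trusts a header that the client writes itself."""
    return headers.get("Referer", "").startswith(LOGIN_PAGE)


def _sign(payload):
    return hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()


def issue_token(user, now=None, ttl=900):
    """Called by the login page only after login/payment succeeds."""
    now = time.time() if now is None else now
    payload = f"{user}.{int(now + ttl)}"
    return f"{payload}.{_sign(payload)}"


def allow_by_token(headers, now=None):
    """Hardened check: access depends on a signed, expiring session cookie."""
    now = time.time() if now is None else now
    jar = SimpleCookie()
    jar.load(headers.get("Cookie", ""))
    if "session" not in jar:
        return False
    payload, _, sig = jar["session"].value.rpartition(".")
    if not hmac.compare_digest(sig.encode(), _sign(payload).encode()):
        return False                      # forged or tampered token
    expires = payload.rpartition(".")[2]
    return expires.isdigit() and int(expires) > now


if __name__ == "__main__":
    only_referer = {"Referer": LOGIN_PAGE}            # constructed request headers
    print(allow_by_referer(only_referer), allow_by_token(only_referer))
    paid = {"Cookie": "session=" + issue_token("alice")}
    print(allow_by_token(paid))
```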

Other types of spoofing include GPS Spoofing, Facial recognition Spoofing, and Voice spoofing which are done by AI.

GPS spoofing is widely done by Russian forces; some of the cases are:

In June 2017, approximately twenty ships in the Black Sea complained of GPS irregularities, as well as unauthorized GPS, which showed vessels off course and transferred miles away from their actual location. Professor Todd Humphreys believed this was a GPS spoofing attack.

The mobile systems Borisoglebsk-2, Krasukha, and Zhitel are reported to be able to spoof GPS.

Incidents that involved Russian GPS spoofing include a NATO exercise in Finland that led to a ship collision in November 2018 and a 2019 incident that affected the civil airport in Tel Aviv, done by the Russian military in Syria.

In December 2022, further GPS interference was reported in several Russian cities by the GPSJam service; it was later described as defensive measures taken by Russian authorities in connection with the invasion of Ukraine.

Simple Examples of Spoofing in day-to-day life:

  1. A false shopping website posing as a genuine site to ask for payment for goods, but you won't actually receive any of the goods you ordered.
  2. Someone sends you a genuine-looking email to manipulate your schedule at your college. It can look like it came from your class teacher, your friends, or any authorized person, but it won't be real.
  3. Spoofing also plays a major role in other attacks, such as Denial-of-Service (DoS) and Domain Name System (DNS) poisoning attacks.

How to Not Get Spoofed!!

  1. Avoid opening links from unfamiliar sources. They might contain malware or viruses which will infect your device.
  2. Never answer emails or calls from unrecognized senders. Any communication with a fraudster carries potential risk and invites further unwanted communications.
  3. Keep your systems and software updated.
  4. Set up two-factor authentication wherever possible. This adds another layer of security to the authentication process for your accounts.
  5. Use strong passwords, avoid using the same password everywhere, and change your password regularly. Also, avoid using personal details as your passwords.
  6. Review your online privacy settings. While using social networking sites, be careful who you connect with, and learn how to use your privacy and security settings to ensure you stay safe.
  7. Don’t give out personal information online.
  8. Look out for websites, emails, or messages with poor spelling or grammatical mistakes, plus any other features that look inappropriate, like fake logos, colors, or missing content. This can be a sign of spoofing. Only visit websites with a valid security certificate.
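
For email, the forged From: field described under Email Spoofing can be checked against the other headers of the same message. This is an added example, not part of the original post: it assumes the receiving mail server records a Return-Path and an Authentication-Results header (SPF/DKIM/DMARC verdicts, which the post does not cover), and the two sample messages are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (not real mail).
SPOOFED = """\
Return-Path: <bounce@bulk-sender.test>
Authentication-Results: mx.college.test; spf=pass smtp.mailfrom=bulk-sender.test;
 dmarc=fail header.from=college.test
From: "Class Teacher" <teacher@college.test>
Reply-To: teacher.college@freemail.test
Subject: Schedule change

Please confirm today.
"""
GENUINE = """\
Return-Path: <teacher@college.test>
Authentication-Results: mx.college.test; spf=pass; dkim=pass; dmarc=pass
From: "Class Teacher" <teacher@college.test>
Subject: Schedule change

See you at 10.
"""


def domain(header_value):
    """Lower-cased domain of the address in a header value ('' if absent)."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()


def spoof_signals(raw_message):
    """Return reasons to distrust the visible From: address."""
    msg = message_from_string(raw_message)
    from_dom = domain(msg["From"])
    findings = []
    # Strict equality is a simplification; DMARC alignment also accepts
    # subdomains of the same organisation.
    for header in ("Return-Path", "Reply-To"):
        other = domain(msg[header])
        if other and other != from_dom:
            findings.append(f"{header} domain {other} != From domain {from_dom}")
    # Only meaningful when this header was added by your own receiving server.
    auth = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)",
                           msg.get("Authentication-Results", "").lower()))
    if auth.get("dmarc") != "pass":
        findings.append(f"dmarc={auth.get('dmarc', 'missing')}")
    return findings
```

In the constructed spoofed message SPF passes for the envelope domain while DMARC fails for the From: domain, which is why the check compares domains rather than trusting a single "pass".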

Conclusion: With the rise of technology come the manipulators. Awareness is the first step in defending against spoofing attacks. One must stay informed about the latest tactics used by fraudsters and report any suspicious activity immediately. Stay Informed, Stay Secured!

Blog by: Nandni Joshi
