Follow us

We have tested how Evil Twin works and teach you how to protect yourself

In 2021, Blockchain fake is a full-fledged copy of the site with the only difference in the domain, where the main idea is that the visitor does not understand the substitution and enters the data hackers want.

Updated: September 11, 2021 By Hamna Imran

Title image for The Evil-twin of Blockchain is ready to steal your money

So far this year, about $13.4 million has been raked in by the top 10 most successful blockchain scams that are currently active, according to Atlas VPN.

All of us know a lot about internet scams, phishing, etc. But did this thought ever cross your mind that your blockchain data might be at risk?

Probably not! But today, I will let you know how the evil twin of blockchain might put your information, data, and money at risk without you even knowing.

Not to scare you, but once our Information and Credentials seep into the evil twin black hole (In this case, blockchain.com), nothing comes out secure. In short, the information we provide is used to steal our money.

Read on for more insight.

Evil Twin Attack (ETA)

According to Phil Fox, at “SIGCSE '21: The 52nd ACM Technical Symposium on Computer Science Education Virtual Event USA March 13 - 20, 2021”:

An ETA is a spoofing attack in which a malicious actor duplicates a wireless network Access Point (AP) by creating a copy of its Service Set ID (SSID) and/or corresponding Message Access Control (MAC) addresses.

An attacker can configure his Service Set Identifier (SSID) to be the same as an access point located on a wireless access point or corporate wireless network.

Then, directing a DoS attack on the access point, for example, creating radio frequency (RF) interference around it. Legitimate users will lose their connection to the organization's wireless access point or wireless network and reconnect to the attacker's access point. This is called the “Evil Twin Attack”.

Techopedia states:

An evil twin, in network security perspective, is a fake wireless access point (WAP) that may appear to be an authentic hotspot provided by a legitimate provider.

In an evil twin attack, a hacker makes this fake hotspot to grab the personal data of naive users. Either by spying on a connection or employing phishing techniques, sensitive data is stolen.

Moreover, an evil twin displays fake login pages, permitting the attacker to steal user credentials and obstruct the external traffic on that device, to steal sensitive data which belongs to an organization.

Evil Twin Attack (ETA) in Blockchain

Blockchain mechanics are pretty complex, but the basic idea is simple:

“Decentralization of the stored of data so that a central entity cannot own, control or manipulate it”

This serves in keeping the blockchain secure, but evil actors always find their way around to spread malware.

Atlas VPN reports that:

CryptoMixer.com is the largest known active blockchain scam, collecting 167 payments worth above $2.5 million since its December launch.

A piece of software called Bitcoin tumbler breaks down crypto transactions into smaller parts then combines them with other transactions before sending them to their destination. The action makes Bitcoin transactions difficult to trace, it said.

The scam ranked third in Atlas' analysis, is malware linked to a fake wallet application that mustered about $1.9 million from 372 payments. It said that on average, one payment was valued at about $5,053.

As an average user only sees the GUI (Graphical User Interface) but ignores the web address or domain. As a consequence, when the user enters the credentials or required data to log in to his/her account, the scammer gains access to the account.

Cryptopotato wrote that:

Delia Rickard – ACCC Deputy Chair – declared Aussies lost nearly 70 million AUD (or 50 million USD) because of such scams for the period between January and July 2021. Cryptocurrencies, and especially Bitcoin, ranked first as the most common investment fraud.

More than half of the $70 million loss was related to cryptocurrency, especially through Bitcoin, and cryptocurrency scams were also the most commonly reported type of investment scam, with 2,240 reports.

Creation of Blockchain fake

An Evil Twin can easily be created by an attacker with a smartphone or computer and using some easily available software with basic knowledge, and many of the online software is providing an opportunity to such hackers and scammers while claiming to be for “educational purpose only”.

All they do is go through some GUI-based screens and dialogues, and you have your ETA ready. So, let's go!

To me, there are two types of ETA which I have listed below

Domain differing Fake

Many attackers only create a single webpage or design it in some graphics designing software (even screenshots of the real page work) and attach the credentials entered there.

When the user enters the credentials, it is saved in their database, and the login request returns with either an error or are redirected to the real login page, making the user think he just made some mistake in entering the credentials.

All an attacker needs is a domain to launch that page from the rest is all cheese and cake.

Duplicate webpage Fake

In this type, the attacker creates a duplicate of the one single login webpage or all the pages found in the real website, then he afterward attaches the credentials entering form on the Log In page, and when the credentials are entered in it, this may give an error like 401 not found or maybe redirects it to the real login page with some unable to login error.

In this case, the user thinks that due to some typing error, his login wasn't successful, and he enters the credentials again and successfully logs in without noticing that he has been a victim of Evil Twin Attack.

The fake website has programming done to redirect all buttons or tabs to the real webpages tabs or the ones designed, so the user doesn't doubt the page.

Evil-twin creation in the blockchain

According to Kaspersky:

Fake exchanges, fake mining hardware, and wallet phishing are the most popular crypto scams of the year, many of which are said to have a higher-than-usual level of detail.

Through some simple steps, I created this fake blockchain through a simple procedure targeting its vulnerability without digging into the details.

  1. Login and password capture

    Logging into the blockchain.com

  2. IP spoofing

    Authorize login attempt to Blockchain.com

  3. Recover secret key to BYPASS account restrictions, i.e., Two-factor authentication+ whitelist by IP address

    Bypassing account restrictions

  4. Adding missing features to fake itself
  • Additional confirmation password aka the second pass
  • Adding a function to send data for the second password
  • Adding a function for sending balance data.

    This is what Blockchain.com evil twin looks like

Remember that this is just the gist of all the steps which are done through programming.

Stay far from Evil Twin

After reading all the information given above, the conclusion is that ETA is very easy to create, and an attacker with little effort and expenditure can fake any website (in our case blockchain.com and not just this, but there can be a whole world of fake blockchain sites).

Because of the vulnerability of the user, this topic has become a great talk of the town. The topic has gained remarkable research interest in the past decade.

It is very difficult for anyone to detect Evil Twin attacks because a real website and a fake have no obvious difference unless you notice keenly.

However, you can take some steps toward staying protected.

  1. Reassure the domain name or website address is legit each time you log in.
  2. Change your password often so that if someone has access to your username, they may lose your password.
  3. Always use two-factor authentication to make your account secure.
  4.  Email, messaging app, or social network offerings coming with a link about a crypto deal can be harmful. Don't follow them, and instead, research the name of the exchange or online store making the offer to determine if they're legitimate.
  5. Beware of superabundant offers: If it's too good to be true, it probably isn't true.
  6. If anyone offers you access to a crypto-related app that has to be downloaded from outside the official iOS, Android, or other app stores, don't download it. Only apps from trusted sources are safe.
  7. Use a security product that can detect phishing and other scams.
  8. If you're unsure about the safety of an online store, take extra precautions, like studying the site's WHOIS data and looking for a young registration date or a private owner. If anything seems suspicious, don't buy it.

Blockchain-based solution for Evil Twin Attack

Decades after the emergence of wireless networking, the wireless network Evil Twin Attack (ETA) is still not mitigated completely.

Author Phil Fox proposed a solution for ETA in the conference "SIGCSE '21: The 52nd ACM Technical Symposium on Computer Science Education Virtual Event USA March 13 - 20, 2021

trusted: A blockchain-based solution that provides means for clients' (End Users') verification of AP devices as trustworthy using minimal (if any) connection to time. Thus using, Ethereum blockchain and smart contracts as a medium for an End User to challenge an AP's credibility.

Next, the AP (or AP trust-managing entity) delivers a sound, unique response to both the blockchain via smart contract and the requesting End-User by a network channel.

The End User validates an AP response using cryptographic integrity-preserving tools alongside an additional capacity for auditing an AP ownership chain.

Once authenticated, clients have a good enough reason to feel that their connection is trustworthy, genuine, and under the positive control of the intended public WiFi provider.

TrustedAP: Using Ethereum to mitigate the Evil Twin attack

Conclusion

Newer scams and attacks keep on appearing every day as it’s an unfortunate fact that criminals explore and abuse new technologies way before Security specialists do.

As a consequence, a lot of people end up losing their sensitive information to attacks like ETA. Hence, getting aware of prevalent scams and knowing how to deal with them will result in a safer world.

Let’s get rid of these vices together.

Your questions are highly anticipated.

Author
Hamna Imran
Cyber Security student and keen learner, writing articles for several other websites.

Leave a comment

click to select