HIGH-TECH CYBER criminals have infested so-called internet ‘dodgy box’ TV systems with malware to steal Irish users’ data, The Journal has learned. 

Cyber security sources have said malware software has been detected in Ireland which is downloading personal data contained on internet connected household devices, including dodgy boxes.

It comes after a major global cyber attack earlier this year that is believed to have compromised two million Android devices worldwide. At the time, it was speculated that Irish dodgy boxes and Android-enabled TVs could have been affected.

Dodgy boxes are illegal streaming devices – used in many thousands of Irish homes – which offer cut price or free access to thousands of channels for movies and sport.

Readily available software can provide criminals with an access point to dodgy boxes, as well as to other devices such as tablets.

News of the Irish issue around those devices comes as Interpol has warned that your smart TV or any household device connected to the internet could feed your personal data, such as bank details, straight to scammers.

Hackers are using a system known as BadBox 2.0 which is a large scale Android malware supply chain operation which involves the pre-infection of consumer devices. Pre-infection means that the software is placed on the machine by corrupt factory workers when it is manufactured, generally in factories in Asia. 

Interpol’s director of cyber crime, Neal Jetton, told The Journal this system is commercially available and cheap. 

Ireland’s National Cyber Security Centre (NCSC) has said Badbox is mostly being used to infect low cost Android devices such as tablets, connected TV devices, digital photo frames and phones.

The sophisticated hack involves the systems being targeted usually by rogue firmware images installed during manufacturing or distribution. A firmware image is an apparent legitimate picture that contains the offending data that infects the device.  

Jetton explained that the infected devices report back to a proxy server operated by the hackers, who then have access to devices such as your smart TV and use the personal information stored inside it to commit vast frauds.

Inside Interpol’s headquarters in Lyon, France and at a base in Singapore, investigators are monitoring the workings of this cyber-criminal world. Recently, The Journal travelled to Lyon to hear from experts fighting the scammers. 

Interpol acts as an international liaison and information dissemination service, linking up with police forces in Ireland and other countries. In Ireland, the Garda’s National Economic Crime Bureau and the National Cyber Crime Bureau are tasked with domestic investigations, along with the NCSC.

Jetton, who is a US Secret Service officer, said that in parallel with the proliferation of call centres where hundreds of scammers cold-call people, there has also been an “industrialisation” of cyber crime: hacking has shifted from a small-scale crime to a largescale, hugely professional business enterprise. 

“They can really do this across the globe,” Jetton said. “Anybody can go in and register and start using residential proxy services or these tools.”

The expert said that it is now a huge global enterprise with southeast Asia proving to be one of the most popular locations for scammers. 

Neal Jetton leads the Interpol Cybercrime Directorate based in Singapore. Alamy Stock Photo Alamy Stock Photo

“We want to get the word out that these things exist, and that these are issues,” Jetton said.

“I know that is the case with BadBox. We can do things on a global scale…going after those sort of tools that criminals are using every single day,” he added.

Staying safe

The Irish National Cyber Security Centre has advised consumers to “exercise caution” when purchasing low-cost smart devices.

They have also advised that people should only buy from trusted vendors and that they should ensure that Google Play Protect, Android’s malware protection, is enabled.

They have also advised people to avoid downloading or sideloading applications from unofficial marketplaces advertising free streaming content.

Keeping smart devices up to date with operating systems and firmware is key.