There are lots of words to describe cyber criminals: Bold, imaginative and suspicious come to mind from the experts I’ve talked to in the past 12 months. A news story and a security vendor report both out today paint sometimes contrasting pictures about the capabilities and confidence of these gangs.
Trend Micro released a report that says at least some North American groups selling hacking tools, bulletproof hosting services, stolen accounts, products and services, fake documents, murder for hire and illegal drugs operate more openly than their counterparts in other geographies, with sites on the surface Web — not the deep Web as you might expected. Meanwhile security writer Brian Krebs recounts the story of a law enforcement officer who was somehow exposed while trying to make a buy of stolen credit card data, showing how skilled one group is.
Trend Micro describes the North American criminal sites it has discovered as “not a locked vault accessible only to the tech-savviest of hackers, but rather a glass tank—open and visible to both cybercriminals and law enforcement. Cybercrime operations are treated like regular businesses. Several goods and services are blatantly advertised on Surface Web forums and even on popular sites like YouTube to draw in customers.”
In most cases, malware bought include technical support from their developers. The Xena RAT Builder, for example, can be purchased with any of two service packages—Silver or Gold. The Gold package comes with crypting services to ensure that the malware the kit creates would be fully undetectable.
However, drugs are the focus of the underground sites Trend Micro looked at, making up 62 per cent of sales, followed by stolen data dumps (16 per cent) and crimeware (15 per cent). That doesn’t mean these sites of less interest to infosec pros, but those who run these marketplaces aren’t thinking — yet — of aiming them at cyber criminals.
“The open nature of North American underground can mean greater profit for sellers and overall market growth,” the report notes, although it also points out many sites don’t stay up long. For the time being their openness could give law enforcement agencies here an edge.
Law enforcement keeps tabs on cyber thieves by making buys of supposed stolen data. The hope is that the data will identify the source of a theft so the victim company can be alerted. But recently one investigator was somehow caught just as his purchase was making its way to the checkout. Krebs says it’s possible the person was caught on a blacklist of IP address ranges known to be used by law enforcement.
Whatever the reason, it’s “another example of the growing sophistication of large-scale cybercrime operations,” Krebs concluded.