An Inside Look at the Underground Economy
The internet is a powerful communication tool. Much as Facebook, Instagram, Twitter and other platforms connect millions of people around the world, cybercriminals harness the communication power of the web to connect with one another in order to trade stolen credentials, offer services, exchange information and more. In these dark corners of the web, an incredible number of stolen credit cards, online banking details, and email and social media accounts are bought and sold. Services such as faking passport scans and picking up money from fraudulent transfers, along with tools for stealing information, are offered for sale. This is the underground economy, and it constantly fuels the cyber crime fire.
The Underground Economy is Established
The underground economy isn’t new. One of the first underground message boards, ShadowCrew, operated from 2002 to 2004 until it was shut down by law enforcement. Since then, thousands of forums and underground sites have popped up, some appealing to the “fraudster elite,” while others cater to the fraudster public. Overall, the underground economy serves thousands of members from all over the world.
Why would fraudsters need to trade with one another? Committing fraud is a very complicated process. Even an extremely popular method, such as a Phishing attack used to collect credentials from unsuspecting victims, requires many things in order to work: a fake page (or a “scam page” in fraudster terminology), a web hosting service to which the fraudster would upload the fake page, a list of emails of potential victims, a convincing email message that would lure victims to the fake page, and finally a tool that would spam all the emails on the aforementioned list.
Even after all of this has been set up and the Phishing attack has run its course, the story isn’t over. Turning the data into money, to “cash out” the accounts, requires a whole set of skills, tools and infrastructure. Mastering all these trades can be extremely difficult for one person, which is why fraudsters devised a different business model: master one trade, and go to an online marketplace to offer that service. This is why the underground economy exists and how it has supported cyber crime from the very beginning.
The Underground Economy is Organized
There is one major issue fraudsters have had to deal with from the beginning: How can you generate trust between two criminals who trade online anonymously? Because of this issue, the underground economy has rules in place that are strictly enforced in most established sites.
Let’s imagine your mastered trade is creating and selling fake physical credit cards, which are needed when cashing out stolen credit card information at brick-and-mortar merchants. You can’t simply register on one of the forums and start offering your wares. After all, you might be an impostor trying to rip off other “legitimate” fraudsters (these people are called “rippers” in the underground, and there are many of them). If you’d like to sell the cards, you’d first need to gain “Verified Vendor” status—a stamp of approval issued by the forum’s administrator proving that you do indeed provide the service you claim to provide. In order to obtain this status, you’d need to pass a review by sending free samples to the forum administrators, who would then write a review and give you a score from 1 to 10 based not only on your product, but also on your communication skills. Once you had passed the review and received the coveted title, you’d be able to create a vendor post offering your wares to other members. To start selling something else, you’d need to be reviewed again on the new product.
What happens if you don’t have a steady supply of goods? For example, what if you had only a couple of compromised bank accounts you wanted to unload? This certainly isn’t enough to get verified. In this case, you would post in an area that’s open to all members, but if you or the buyer request to use the forum’s escrow service, the other side must accept or he will be banned forever. The escrow receives the Bitcoins from the buyer, as well as the compromised bank credentials from the seller, verifies that both parties have upheld their side of the bargain, and then provides the seller his money and the buyer his goods. The escrow, of course, takes a commission for the service.
The Underground Economy is Evolving
The tools fraudsters have at their disposal are rapidly evolving and becoming increasingly sophisticated and user-friendly. The underground economy in which these tools are traded is also evolving. If, in the past, a vendor of compromised credit card credentials sold his wares through forums, today this vendor has likely opened his own dedicated website for that purpose. Why? Because, whereas in the forums the vendor needed to communicate with customers and deal with rippers and fraudsters with poor communication skills in order to make a sale, with his own website he can completely automate the entire process. Why miss out on deals while you’re asleep, when you can sell your goods through a virtual ATM?
Fraudsters show ingenuity in how they commit fraud, the capabilities they add to their tools, and also in how they buy and sell among each other. With all the tools and services available in the underground economy, a fraudster doesn’t need to know too much to become a cyber criminal, making fraud accessible to even the most unsophisticated of fraudsters.