The Underground Economy: A Fraudster-Eats-Fraudster World
The underground economy is referred to by some as “organized crime.” But, as we’ve discussed in the past, this definition can be quite misleading. The underground isn’t structured the same way as classic “organized crime” outfits are structured; there’s no boss instructing his subordinates. Instead, the underground economy is a capitalistic marketplace where everyone is free to operate independently, as long as they follow some strict rules (hence the “organized” part in some people’s view). These rules exist to ensure trust between two parties wishing to remain anonymous, and they’re crucial to keep the underground running because many try to breach this trust. Rippers, for example, the bane of the underground economy in the eyes of “legitimate” fraudsters, are individuals who specifically try to rip off other fraudsters. But rippers aren’t the only threat fraudsters face in this cutthroat world.
One of the tools fraudsters use to attack each other is malware. This is quite common in the underground; a fraudster will share a criminal tool, such as a spammer that can send millions of emails to potential victims, only the tool is embedded with malware. Considering how proficient fraudsters are with malware, this shouldn’t come as a surprise. After all, malware is a tool they use every day.
Why target a fellow hacker with malware? Because in a fraudster’s eyes, they make an incredible target. Think about it: infect a regular person’s computer, and you may have stolen his identity. Infect a fraudster’s computer, and you may get your hands on all the identities he’s stolen. Because they’re such lucrative targets, fraudsters who receive free gifts become very suspicious, verifying multiple times that the tools are malware-free before attempting to use them.
On the topic of free tools, there’s another threat they possess: backdoors. Backdoors come into play when a fraudster shares a tool such as a Phishing kit that’s embedded with code that would not only send the results of the Phishing attack to the user, but also to the tool’s developer. The fraudster behind the backdoor banks on the fact that many fraudsters who would use a kit are technically inept and wouldn’t discover the backdoor. They’d use it without knowing that the results of their hard work are being shared with someone else.
While the aforementioned threats may sound like something that fraudsters could easily avoid with a bit of common sense, it’s important to remember that there are many fraudsters who, like their victims, aren’t very technically capable. To make matters worse for fraudsters, when a business goes south for a respected member of the underground community, these established vendors with excellent reputations might turn on their loyal customers and attempt to stab them in the back. For example, one vendor was selling to other fraudsters a method for scamming accounts from a specific bank. When the targeted bank increased their security and made his method obsolete, he actively reached out to his fraudster customers and attempted to send them malware. Why? His reputation was on its way to being tarnished (since the method he was selling would no longer work), but by infecting his customer’s machines with malware, he’d still be able to make some money.
Some articles have created an image of the underground economy as a tight-knit community of cybercriminals working together for everyone’s benefit, resulting in massive amounts of cybercrime. In some ways, that picture isn’t far from the truth; fraudsters do help each other out from time to time. But the underground definitely isn’t a tight outfit of people who have got each other’s backs. With rippers and fraudsters trying to infect one another, quite the opposite is true.
Want to see more content like this? Subscribe to get a weekly roundup from BlogDOG.
The LogDog anti-hacking and privacy tool protects the most popular online account types including Gmail, Facebook, and Dropbox by detecting unusual access activity and alerting users so they can take control of their accounts before hackers do.
The service can be used across all devices and OS’s, so you’re always being protected. Here’s the Android and iOS links for you to check out.