SecurityWeek

Localization in the Underground: When Fraudsters from the Same Locale Get Together

Cooperation in the Underground Economy

One of the great dangers in the underground economy is that it acts as a catalyst for fraud. A fraudster in Russia who masters the art of phishing can team up with another fraudster who already has the infrastructure for cashing out compromised online banking accounts of US banks. This now enables him to turn a profit from targeting phishing attacks against US banks. Yet, while the underground does give fraudsters the ability to go global, it is interesting to note that fraudsters from the same country (or, more accurately, communities of fraudsters from the same country) share certain characteristics. Everybody knows that the Russian fraudsters are more sophisticated than their English-speaking counterparts. However, this isn’t the only geography-related difference between fraudsters.

Take Romanian fraudsters, for example. While the world of fraud is vast and there are opportunities aplenty, Romanian fraudsters mostly focus on ATM fraud. In the past, some US-based banks didn’t check for any CVV mismatch. Not to be confused with CVV2, the CVV is a three-digit value within a card’s magnetic stripe. The idea is that as card holders don’t know their CVV values, they wouldn’t be able to provide them to a fraudster if asked. Without the CVV, fraudsters could clone cards simply based on information that could be requested from the card holder by means of phishing and cash them out at the ATM – and when the banks didn’t check this value during transactions, that is exactly what they did. In many, if not most, of the cases encountered of fraudsters using this “loophole,” the ATM fraud originated from Romania. News of these “loopholes” was shared among various Romanian fraudsters, but to other members of the communities, they told a different story. They invented a story that they had special “algos” that allowed them to exploit the cards – them and no one else – urging other fraudsters to work with them for a 50% cut.

While many Romanian fraudsters shared the same M.O., the Germans built their own underground communities, much like the Russians. Unlike the English- or Russian-speaking underground, the Germans focus mainly on targeting German citizens. They focus on trading in German credit cards and use special mail-reception units available in Germany as “item drops” (an address that can receive items bought with stolen cards). The German underground also has a huge focus on narcotics, with multiple vendors and websites offering to sell various types of drugs to other members of the communities – something that doesn’t exist in any of the other communities. Interestingly, some German anti-carding hacker groups such as “The Happy Ninjas” focus on German forums, mostly ignoring Russian and English forums of the same type.

Fraudsters are also susceptible to prejudice based on their origin. Many fraudsters would not conduct any business with Nigerians, as many of them used to rip off other fraudsters and beg for credit cards. Even though some Nigerians are extremely prolific in their craft, their origin alone may already be a deterrent for many members of the underground.

The era after the DarkMarket and CardersMarket busts is quite different from the era which preceded it. As mega-boards become a rare breed in the underground (as they usually have a bullseye on their back from international law enforcement), new forums that pop up need to distinguish themselves from the rest. Focusing on fraudsters who speak certain languages or are from certain geographies is one way to do so. Going forward, we may see the underground becoming ever more segregated, with different resources catering to different niches. In such a scenario, you can expect more “local” communities popping up, with unique traits and customs of their own.
