Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

The Return of the Mega-Boards: Is the Underground Economy Returning to its Former Glory?

They say history repeats itself, or perhaps this is the story of a community recovering from a catastrophe. Either way, the underground is returning to its former glory, and not just in how much business is being conducted – but how it is conducted. In 2006, the English-speaking part of the underground economy was a prosperous community, with several mega-bulletin boards competing for the business and the heart of fraudsters from all over the world.

They say history repeats itself, or perhaps this is the story of a community recovering from a catastrophe. Either way, the underground is returning to its former glory, and not just in how much business is being conducted – but how it is conducted. In 2006, the English-speaking part of the underground economy was a prosperous community, with several mega-bulletin boards competing for the business and the heart of fraudsters from all over the world.

On one corner there was DarkMarket, on another CardersMarket, in addition to smaller forums such as CardingZone, Talkcash and others. Most fraudsters bought and sold on multiple forums, but that didn’t help to negate the animosity between the managers of the different forums. This has led to some big moves on behalf of the administrators, such as CardersMarket’s administrator Iceman, a.k.a. Aphex, a.k.a. Digits, taking over and assimilating three of his competitors. These eventful times came to an abrupt end in two of the biggest events of them all – the arrest of Iceman and the revelation that DarkMarket has been an FBI sting site. Both CardersMarket and DarkMarket were shut down after each event, driving fraudsters deep underground, afraid of being next on the law enforcement captured criminals list. One era in the fraudster economy, one that was thoroughly documented by Kevin Poulsen in his book “Kingpin” has come to an end – and another one started.

Cybercrime Underground EconomyLaw Enforcement’s success was a nuclear strike on the sophisticated underground economy, one that left a desolate land. However, much like in the description of Mad Max or Fallout of a post-nuclear society, this strike did not eradicate all life. Many Nigerians and smalltime fraudsters continued to scour the lands, searching for partners to trade with, and in many cases rip off. The underground was still bustling, but instead of business being done in gated communities with strict rules and the guiding hands of administrators, it was done in the much less sophisticated, business-oriented chaos that is the IRC chat rooms. These were not communities, but bustling markets where fraudsters came to offer their wares and to haggle. There were no esteemed members, no community services such as escrow, no tutorials for starters, nor verification that the person you’re doing business with isn’t going to rip you off the first second he gets. Anyone in these channels not focused on conducting business was labeled a time waster and suffered from the scorn of the other members. Small forums did open up, but they took the characteristics of their chat room counterparts – all business, no services, every man for himself. The few attempts to build a community, such as GhostMarket, were taken down relatively quickly.

Fast forward a few years, and the first signs of recovery are shown. Although not exactly mega-boards, certain forums did obtain enough momentum to become a hub for “real” fraudsters. At the same time, an interesting trend started to catch on – automated websites for underground services – specifically, automated credit card stores, which I wrote quite a bit about in previous articles. The first stores were originally operated by the Russians, who were unaffected by the events in the English-speaking communities. However, these stores quickly caught on by the non-Russian speakers and ushered, as certain law enforcement agents put it, the “Industrialization of the underground”. No longer was trading done by privately talking to a vendor, but instead buying underground services was done through sophisticated automated systems – allowing both vendors and buyers to provide services in all hours of the day and in much greater numbers. The trend has become so widespread, that store kits were circling around the underground, enabling any interested vendor the ability to set up (automated) shop. Dozens of stores opened each month and the bulletin boards quickly became the new yellow pages for the underground economy. Animated and colorful banners quickly started popping up in the forums, attempting to turn members into prospective buyers.

Comparing the state of the underground today to its state several months ago, it seems that things are changing once again. Some of the recent English-speaking forums resemble their ancestor mega-boards, with a strict policy of who is ushered as a member and with industrious administrators laying down strict rules while kicking out anyone who isn’t following them. Just like in the days of yore, these administrators are respected and feared by those who join their communities. The relatively safe environments that these forums provide fraudsters draw the masses who apply to become members, which in-turn draws the vendors of underground services. An interesting twist is these boards’ interaction with automated credit card stores. Instead of going against them – they’ve embraced them – offering the “official” automated store of each forum. These stores offer a platform for interested credit card vendors to sell off their wares, instead of putting up a message in the forum. Only forum members are allowed into the store and every account is associated with a username of the member in the forum.

The “official” credit card stores have been quite a game changer. As fraudsters flock into these trusted stores, where buyers know they will get not only the best products but also a good service if something goes wrong, vendors prefer to sell their wares through those platforms and not to open their own store. Why spend time and money promoting your own store when there’s already a place with plenty of buyers eager for your product? Ever since we’ve started tracking the automated stores trend, the number of new stores opening each month was relatively high. However, in the last several months, it has substantially decreased.

It’s not as if all the legitimate vendors already opened stores and thus the numbers of new stores are dwindling. These stores often have a short lifespan, thanks to the vigilance of security firms, experts and bloggers such as Brian Krebs and Dancho Danchev. Some credit card stores were closed and re-opened half a dozen times in different hosts and domains – and those were calculated in the numbers we’ve observed (and they haven’t all moved to bulletproof hosting services, either).

Iceman, El Mariachi, Cumbajohny, Gollumfun, ChaO and yes – Master Splynter – were the underground celebrities of their generations, whether they were respected or hated in the underground communities. With the current round of forums showing promise to become the next mega-board, it looks like a new generation is going to have its own set of heroes and villains, at the expense of stolen dollars and identity theft victims.

Advertisement. Scroll to continue reading.
Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.