The Hidden History of CyberCrime Forums

Uploaded on 2017-10-05 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW

The notorious dark web marketplaces Alphabay and Hansa were shut down in July following "landmark" action by police forces in the US and Europe to unmask who was running them.

They join a long list of other forums, chat rooms and boards that appeared and were blazingly popular with the criminal underworld before they were compromised and closed. But those sites, including Dark Market, Carders Market, Shadow Crew, Carder.su, Darkode, GhostMarket and the Silk Road, have more in common than just the trajectory of their genesis and demise.

They all follow the modus operandi of a landmark forum set up in 2001 called Carder Planet. Designed for criminals who specialised in monetising lists or "dumps" of credit card numbers, it has had an influence far beyond that select group.

"Carder Planet created the framework for the current criminal underground," said Andrei Barysevich, now a director at security firm Recorded Future but who, at the time the site operated, was helping to monitor cyber-crime in Eastern Europe.

Expert View

The site was set up online shortly after a face-to-face meeting at a restaurant in Odessa attended by some of Ukraine and Russia's top credit card thieves, said Mr Barysevich.

"Odessa was, and still is, the ground zero for cyber-crime," he said. "It is a very criminalised city and a centre of white collar crime."

Before Carder Planet was set up, anyone who wanted to make money from stealing card numbers had to be a jack of all trades, said Liam O'Murchu, a researcher at Symantec who has spent years tracking online crime forums.

Not only did they have to find ways to steal the card numbers, often involving malware or hacking, they also had to work out how to turn those numbers into cash and not get caught.

"What they decided to do was pool everyone's resources, so they did not have to be perfectly skilled in everything in order to be able to do crime," he said.

"They set up the forum where people could come together and trade skills and nobody had to be an expert in the entire chain from beginning to end," said Mr O'Murchu.

The site proved an immediate success and soon had thousands of members all busily trading with each other.

"They got so blasé and so sure of themselves that they organised the first real life meet-up of Carder Planet members," said Mr Barysevich. "Forum members were invited to a resort outside Odessa where they hung out together.

"They had good food, drink and girls and had a pretty good time," he said.

It was not only the attendees who enjoyed themselves. The police did too because news about the conference, as well as pictures of attendees, were leaked to the authorities. It was the first time that many of the cyber-thieves had been photographed and the images were widely studied, he said.

Shopping Growth

Despite the attention, Carder Planet kept going and enjoyed significant success, said Dmitri Alperovitch, co-founder of CrowdStrike and a veteran cyber-crime researcher, who has helped to track down and expose some of its key members.

"It was the right place at the right time," he said. "You had a lot of smart folks in Russia and Ukraine at the time and you had the proliferation of the internet in those days in the former Soviet Union and the economy was doing very, very poorly."

Given that, he said, it was not surprising that those with technical skills and nothing legitimate to do with them turned to crime.

Coupled with this was the rise of online shopping in the US, much of which was powered by people using credit cards. Unfortunately, many of the firms setting up online were better at selling than security, meaning the thieves were regularly able to steal large amounts of card numbers.

Mr Alperovitch said the board explicitly modelled itself on more traditional organised crime groups - specifically the Italian mafia.

Occasional contributors were called "soldiers" and the more someone got involved the higher up the ranks they rose. At the top, he said, were the "dons" and "capos" who ran the biggest scams and collected financial tributes from the people they set working on them.

He said it was also a board on which reputation mattered a lot - a trait seen on many other criminal forums ever since.

Before any criminals worked together they looked for "vouches" - essentially personal recommendations from other thieves about whether someone was trustworthy or not. Without those endorsements a collaboration between say a spammer and a malware writer was unlikely to get started. Anyone with a persistently bad reputation would find that no-one would work with them.

Carder Planet was shut down voluntarily by its creators in 2004 - largely to avoid the fate of other boards, many of which were compromised by police and used to gather intelligence about members.

Many of its members did keep on stealing cards and some of them, notably Roman Vega (aka Boa) and Vladislav Horohorin (aka Badb), have been tracked down and arrested.

Those arrests were a consequence of the open atmosphere on Carder Planet, said Mr Alperovitch.

"They've realised they were quite naive about law enforcement engagement and they did not realise that law enforcement was paying very close attention," he said.

BBC

You Might Also Read:

What Is Selling On the Dark Net?:

International Police Start Crackdown On The Darknet:

« Banks Join Forces to Fight CyberCrime
Get Your Data Strategy On Board »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Imperva

Imperva

Imperva is a leading provider of data and application security solutions including DDoS protection, Web application security, Data security and Cloud security.

L J Kushner & Associates

L J Kushner & Associates

L.J. Kushner is a leading Information Security recruiting firm.

Aricoma

Aricoma

Aricoma are Architects of Digital. We aim to become a major player in end-to-end IT services and digital transformation in Europe.

Trustless Computing Association (TCA)

Trustless Computing Association (TCA)

TCA is is a non-profit organization promoting the creation and wide availability of IT and AI technologies that are radically more secure and accountable than today’s state of the art.

Telecommunications & Digital Government Regulatory Authority (TDRA) - UAE

Telecommunications & Digital Government Regulatory Authority (TDRA) - UAE

TDRA focuses on regulating the telecommunications sector and enabling government entities in the field of smart transformation. It is responsible for the overall digital infrastructure in the UAE.

Sequoia Capital

Sequoia Capital

Sequoia Capital is a venture capital firm focused mainly on technology. We partner both with young companies finding their stride and established ones looking for growth.

JobStreet.com

JobStreet.com

JobStreet is one of Asia’s leading online employment marketplaces in Malaysia, Philippines, Singapore, Indonesia and Vietnam.

IP2Location

IP2Location

IP2Location provide services to identify geolocation by IP address, and to detect IP addresses associated with anonymous proxy servers, which are often used for fraud and spamming purposes.

EVOKE

EVOKE

EVOKE is an award-winning Digital Transformation company that partners with its clients to build digital workplace solutions for organizational challenges.

Island

Island

Island puts the enterprise in complete control of the browser, delivering a level of governance, visibility, and productivity that simply weren’t possible before.

National Coordinator for Security and Counterterrorism (NCTV) - Netherlands

National Coordinator for Security and Counterterrorism (NCTV) - Netherlands

The NCTV serves the Netherlands’ national security. We protect national interests, identify threats and strengthen resilience.

Utimaco

Utimaco

UTIMACO develops on-premises and cloud-based hardware security modules, solutions for key management, data protection and identity management as well as data intelligence solutions.

Avanade

Avanade

Avanade is a leading provider of innovative digital, cloud and advisory services, industry solutions and design-led experiences across the Microsoft ecosystem.

Aim Security

Aim Security

Aim empowers enterprises to unlock the full potential of GenAI technology without compromising security. GenAI makes business better - Aim makes GenAI secure.

PureID

PureID

Protect your enterprise with PureAUTH #IAMFirewall, Resilient SSO platform, purpose built to provide Passwordless Authentication & Zero Trust Access, by default.

Sublime Security

Sublime Security

Sublime is an adaptive email security platform that combines best-in-class effectiveness with unprecedented visibility and control.