Tales of the Cyber Underground: Cyber Crooks are Comin’ to Town

Tales of the Cyber Underground: Cyber Crooks are Comin’ to Town
Tales of the Cyber Underground: Cyber Crooks are Comin’ to Town

Like much of the world’s population, digital criminals like to take a break at Christmas. Credential theft and phishing in general slows down. RSA tells me it usually sees a peak in November, but this year ‘Christmas came early’ and it identified over 62,000 phishing attacks in October. That was an all-time high for attacks in a single month. It was almost two per minute. But then in November, it dropped back to 40,000 and the security arm of EMC expects to see even less through December.

“Fraudsters are all busy cashing out, buying gifts and enjoying Christmas”, says Daniel Cohen, head of knowledge delivery at the firm’s Anti-Fraud Command Centre in Israel. “Everyone's got to rest, right?”
Not everyone does, though. For those browsing the forums for a Christmas gift, there is still much on offer, especially for anyone looking for illegal access to games. Having heard from Kaspersky that gamers were targeted by 11.7 million attacks in 2012, and that there are at least 4.6 million pieces of gaming-focused malware out there in the world, it’s an apt time to highlight the massive market for gaming goods on the dark markets. And it is huge, from malware that steals credentials to cracked games and much, much more.

One title that gets a lot of attention is Minecraft, the massively popular indie block-building title. One post this month offered a free brute forcing program to guess passwords for Minecraft players. The Deathtone Minecrack tool came with a ‘username leecher’, capable of sucking usernames from official Minecraft forum threads. A brute forcing algorithm then simply guesses at their passwords.

But it is the Steam gaming platform and marketplace that attracts the most attention. Many show off the games they bought using stolen credit card details, otherwise known as carding. But given Steam owner Valve is getting better at detecting fraud, the crooks need to figure out ways to avoid its security team. One member of a certain hacking forum this month said they had “carded a Steam game” and were “panicking” having been banned soon after, asking for help from others.

He’s Making a List, He’s Checking it Twice

Thankfully for that particular user, a number of Steam Carding Services have cropped up on the forums in the past fortnight. One claims to have a “method” that means those games bought with stolen credit cards will not be removed and the user won’t be banned. “I can card all games on Steam”, they say. The price is 30 per cent of whatever the value of the game is.

There are other ways of getting around games companies’ security mechanisms. Another seller was offering PlayStation Network accounts “with genuine credit cards attached”, not stolen ones. This meant the account would not be banned and would be anyone’s to keep if they simply changed the email and password, the dealer bragged. “I have cracked these accounts myself with a config I made myself”, they added. “I have bought PS3 games worth over $720 from other accounts that I have cracked.” They offered one account for $20 worth of Bitcoin, or two for $30.

Access to accounts can go for much cheaper. One post, started in July, offered fresh accounts every day for just $1 each. Steam, Minecraft, Uplay and WarZ logins were all on offer. The dealer was still flogging them by the time mid-November came around.

He Knows If You’ve Been Bad or Good

The next big thing to look out for is direct attacks over consoles. As noted by Kaspersky Lab expert, Christian Funk, Trojans for the Nintendo 3DS and Sony PSP handhelds have already been spotted in the wild. But all they do is break the devices. Funk thinks that as consoles increasingly move away from solely being gaming platforms, and become entertainment and shopping hubs, they will be increasingly attacked for financial gain.

“Since the makers of devices are increasingly including the possibility to install additional applications (and pay for them via credit cards, saved on your gaming account) and social media interconnectivity to share the progress and achievements in a game for a ‘fuller gaming experience’, as well as offering decent hardware performance, consoles are in fact attractive for criminals”, he writes in a blog post.

“All this offers a new playground for malware types like ransomware, which could lock up the console until a ransom is paid, Trojans that steal personal information stored on the device (login credentials to the online account or credit card information) or abuse the hardware performance to mine bitcoins, as seen on PCs.”

I’ve seen nothing like this on the forums yet, but in the years to come, expect to see at least a handful of dangerous console malware types. Given NSA agents are even masquerading as genuine gamers to spy on people, everyone needs to watch out for those trying to ruin others’ fun. Security is for life kids, not just for Christmas.

You Better Watch Out

One more thing for 2013, as we’re on a Christmas theme. Whilst most kids will get a satsuma in their stocking this Christmas, internet crooks can get their hands on a considerably unhealthier, far more expensive citrus-themed goody: the Sweet Orange Exploit kit. It’s doing the rounds on a number of forums and I came across one advert for the first time this month.

The reason it caught my attention was that Dell SecureWorks issued research recently that found a hacker offering this kit for $450 per week or $1800 a month. The ad I saw, dating from July last year, but still gaining attention from the community over the last month, offered it for $375 a week, or $1400 a month. It would appear that prices are rising then, even after the arrest of Paunch, creator of Blackhole, which was far and away the most popular of the exploit kits.

So don’t expect any deals on the dark web when the January sales come around.



What’s hot on Infosecurity Magazine?