One of the first rules of war is to know your enemy. For information security professionals, that means understanding how online hackers, crooks and fraudsters work. What’s the best way to track them?
Looking for threat intelligence on the dark web doesn’t yield as much useful information as you might think. Earlier this month, cybersecurity intelligence company Terbium Labs found thousands of guides for sale on dark web sites offering information on how to steal account data and commit fraud, but in spite of the high volume of files, the pickings were thin.
The company discovered a mixture of old and new guides on the web, some of them dating back to 1990. Many of them were duplicates, sold by fraudsters who repackaged and resold the same material repeatedly. In many cases, the guides were old computer science texts or revamped versions of other works like the Anarchists Cookbook.
Many of the guides still offered actionable information, ranging from account takeover instructions for a specific retailer, to the construction of synthetic identities. In some cases, they also included templates for fake ID and software to verify stolen accounts.
If you are interested in tracking how criminals do what they do, this unreliable and often low-quality knowledge base may yield some results, but is not the best place to look.
News articles and reports from vendors like Secureworks and FireEye can provide useful insights into the organizational structure and techniques used by criminal and state actor groups.
One seasoned security researcher with a background in law told us that the best place to find out more about online fraud and cybercrime techniques is affidavits. While court records are not easily accessible online in the UK, the US publishes them openly. Legal complaints filed by the FBI and other agencies against cyber-criminals can yield a fascinating look at how they operate across a wide range of frauds and launder the money afterwards.
A public access to court records (PACER) account is free and allows you to search for criminal cases in the US courts. You can download documents for a modest (cents per page) fee. Find defendants’ names in news reports and then look for them in an advanced party search.
Reading these raw reports is insightful and entertaining, and will get you a step closer to understanding how cyber-criminals operate on the dark underbelly of the web and beyond.
The topic of Threats, Exploits and Vulnerabilities will be covered throughout the free-to-attend conference at Infosecurity Europe in London from 4-6 June. See all the talks on Threats, Exploits and Vulnerabilities here. Infosecurity Europe is the leading European event for information and cyber security; find out more and secure your free visitor badge.
