
You're a cybercrime kingpin. You need a new evil lackey. How much do you tell them?

Henchperson wanted: Must have Java, C++, signature villain cackle

Showing their hand

Researchers were able to glean intelligence on a group’s tactics and capabilities from their adverts. For example, if they are looking to hire people who can run DDoS attacks, then it stands to reason that swamping targeted websites with junk traffic is one of the tactics they are likely to deploy. The same goes for organisations looking for people with the capability to mount social engineering attacks or the coding skills to run cross-site scripting attacks or SQL injection attacks. Knowledge of Java, Python and C++ is sought among would-be recruits in some cases. Social engineering skills are frequently required.

Cyber criminals must balance operations security (OpSec) against their ability to recruit: too much OpSec may result in a failure to identify suitable candidates, so they are obliged to expose themselves to some scrutiny in order to recruit. It also leaves little time to identify qualified candidates, so cybercriminals are obliged to make compromises in their race towards profit.

Stolen information, particularly carding details, is a perishable commodity, so crooks need a team that can move quickly, meaning they can’t do everything themselves and are constantly obliged to bring in fresh talent. Criminal organisations need a decent roster or they will be left unable to carry out cybercrime at scale, hence the need to recruit a substantial number of people over a tight timescale.

During the recruitment process, attackers can leave behind clues that defenders can take advantage of to build resiliency into their security programs. In specifying the skills they are looking for, hackers are essentially showing their hand. In some circumstances, defenders might find specific details about attacks targeting their organisation, while in others they might find general attack trends that could bolster their defences.

Rick Holland, Vice President of Strategy at Digital Shadows, told El Reg that occasionally cybercrooks are looking to recruit people who have access to a particular environment. “Cybercriminals are more like us in the corporate world than we’d like to think,” he said.

Holland said potential recruits are motivated primarily by money but also get involved in illicit activity in order to show off their skills. Occasionally crooks are trying to turn insiders to their own nefarious ends. One advert featured in Digital Shadows research sought help in intercepting money transfers, and was pitched at potential corrupt or disaffected insiders.

Inside knowledge

This ad was the exception rather than the rule. For the most part crooks are going for “low hanging fruit”, straightforward ways to make an illicit profit.

“Getting the basics right, like setting up an app security programme and applying two-factor authentication, can really help businesses in defending against cybercrime groups,” Holland concluded. ®
