Crooks are now taking to encrypted messenger Telegram to tout their online how-to courses on cybercrime, according to risk management biz Digital Shadows.
Russian criminals have for some time now taught classes over the internet on how to rip off folks and credit card companies. Digital Shadows, which chronicled this trade last year, said this week there has been a shift over the past 12 months from publicizing these courses on marketplaces to attracting wannabe hackers via Telegram.
After the AlphaBay and Hansa cyber-souks were, ahem, neutralized in 2017, scumbags are now advertising on other platforms various hacking and payment-card cloning e-learning courses, complete with webinars, tutors, and reading lists.
Typically, a few free lecture videos are shared via Telegram to promote the marketing-savvy crooks' cybercrime masterclasses. For example, a tutor held a botnet-related lecture on the messaging system to advertise a new "University of Cybersecurity and Anonymity" course and its dedicated website.
A seat at the classroom table costs $1,100, payable in Bitcoin, Digital Shadows' Rafael Amado detailed on Thursday:
With a slick website, experienced tutors, and course structure that would not look out of place for the most established and legitimate education providers, this example demonstrates how cybercriminals are looking to further professionalize their offerings and monetize their expertise by training less-sophisticated actors.
To further entice students, the University of Cybersecurity and Anonymity has even produced its own minute-long video advertisement, which has been played over 3,000 on mainstream video sharing platforms. This particular programme is priced at 75,000 Rubles ($1,100 USD), payable in Bitcoin, and offers four different global courses, three practicing tutors, 70 unique lectures and over 40 educational days.
These programmes of lectures and workshops educates aspiring script kiddies on currency laundering, cash withdrawal scams, social engineering, botnet creation, and the use of exploits. As such it goes way beyond offering basic card-cloning techniques.
There’s a wide range of cybercrime e-learning services. At the lower end of the scale are guides offered for as little as $1, which typically involve no tutor interaction nor any course material. The University of Cybersecurity and Anonymity, by contrast, claims to offer a fully-comprehensive, immersive, and tutor-led experience.
Online tutorials are also used as a bartering medium between miscreants. For example, one forum user offered free card-cloning tutorials specifically for ripping off eBay and PayPal users to another member in exchange for a favourable review.
Carding forums allow crooks to rate individual vendors – a feature nicked from legit online shops – and positive reviews can bring in more trade. In the example cited by Digital Shadows, the vendor attempted to up-sell stolen credit card information alongside the offer to trade a guide for 5* reviews. "This practice of using online tutorials as a freebie to then advertise a wider array of services is not uncommon," according to Amado.
By understanding miscreants, defenders can look to increase friction at every stage of the cybercriminal process, we're told.
"The evolution of online cybercrime and carding courses is a worrying trend for organisations and consumers, with more amateur actors having access to the training needed to embark on a cybercriminal career," Amado concluded. "Nevertheless, a knowledge of these trends and the techniques being advertised in these courses gives us a valuable insight into the methods being used to target individuals and businesses." ®