
American cyber crims operate popup hack 'n crack sites in plain sight

Yanks thumb noses at cops, use YouTube to sell RATs

By Darren Pauli, 14 Dec 2015

North American cyber criminals are so blatantly thumbing their noses at law enforcement that their forums have been nicknamed "glass tanks".

The sale of malware, stolen credentials, and other crime services is so open that it can be found using Google, Trend Micro researchers Kyle Wilhoit and Stephen Hilt say.

Moreover, the forums post advertisements across web sites and post YouTube videos in a bid to gain more users.

This stands in stark contrast to almost every other serious crime forum, which attempts to hide from police and vet the criminal bent of registered users.

"In effect, the North American underground is more like a glass tank where business goes on in full view of both cyber criminals and law enforcement," the researchers write in the paper North American Underground: The Glass Tank [PDF].

"Unlike other underground scenes, a lot of North American cybercrime operations don't shy away from peddling its goods in the open.

"Underground sites have a short life span, and they can easily disappear within a short span of time, which makes tracking the illegal activities and the people behind them very tricky for law enforcement, who has to keep up with the cat-and-mouse game on every takedown operation."

Threat bods found the typical scattering of malware and services on sale: keyloggers, remote access trojans, botnets, and spamming tools. Bulletproof hosting services that are used in malware attacks for command and control, among other uses, are also on offer, alongside distributed denial of service attack services, and virtual private networks.

Crims are also flogging remote desktop protocol access to hacked sites, including root access, which serve as helpful hop proxies during attacks.

A string of hacked accounts is on offer too, including, as El Reg reported, bargain Netflix, Spotify, and Origin accounts.

Drugs, fake identities, and other spurious offerings are also flogged alongside weapons and claimed murder-for-hire services.

"Although several criminal transactions are done out in the open, they are very fickle. The lifespan of most underground sites is short. They could be up one day and gone the next. Investigations will have to keep up with this fast pace."

It is the latest analysis for Trend, which has so far examined the German, Chinese, Brazilian, and Japanese criminal undergrounds. ®
