Taking on the fraudsters

If you want to stop cyber criminals, it pays to get to know them...

It takes a lot of time to build up trust with these criminal. Analysts have spent years in the chat rooms gaining the confidence of the fraudsters. But it is not an easy task. The trouble with IRC is that aliases are not persistent. A criminal can have one name one day and the next a totally different one. The analyst can piece together enough information to spot the regulars, even if the names change.

Karmi says that criminals try to buy from people they trust or build up a good reputation. But, because nicknames can be changed at will on these channels, building that reputation or gaining trust is more difficult. 

As the internet has grown up, so have the criminals. IRC is used by criminals as a basic way of connecting and talking to each other. Eventually though, they find more efficient ways of doing business. Forums have sprung up to host these communities. These forums hide in the darknet, using the TOR network - something that is not easily accessible by normal internet users.

The forums benefit the fraudsters. According to Karmi, they act as a platform to enable the sharing of knowledge between other fraudsters about specific methods as well as helping them solve each other's problems.

"This is a much more convenient place to sell your ware because here they just shout and there you can have a much more convenient way to publicise yourself," he says.

"The first thing you can see on a forum is that they [the fraudsters] have banners, they advertise." Karmi adds that on the forums criminals can maintain a single identity that they can build up to gain a good reputation. This helps them sell their wares.

While criminals consult with each other on how to commit crime, they are not the only ones to benefit. Karmi says the people hosting these forums also get a piece of the action.

"They offer escrow services and other ways to get a nice percentage of everyone's fraud," he adds.

"Just organising this service for fraudsters can be very beneficial even if you don't commit the crime yourself," he says of the people running criminal forums.

The criminal community organisers and their escrow services also combat a problem for criminals, mainly rippers. These are criminals that scam other criminals.

The people that run forums will hold onto money while a transaction goes through to prevent rippers from making off with money and leaving the criminal out of pocket. The people running the escrow service take their percentage.

These communities must realise that firms such as RSA are infiltrating them. Karmi warns that the communities themselves are more and more closing themselves off from the outside world to protect themselves. Gaining entry to them means having someone vouch for you, having recommendations from other people or having people responsible for you.

Getting in

Once on the inside, the analysts can start carrying out their work. Usually this involves getting a criminal to share some information on stolen cards. This helps in identifying a breach.

"We ask for a sample to see if they are the real deal. He'll send us a batch. If we can get a number of cards from a single batch, in most cases we can identify the single point of compromise, because we are trying to help identify the compromised merchant," says Karmi.

"Even if we get two cards from this single batch, then we can identify that both cards were used in, say a particular chain of shops. We then know that business is the common point of compromise," Cohen adds.

"Oren [Karmi] will then work with either our customers or different issuing banks to try help identify that common point of compromise. Then we can share intelligence about the merchant that has been compromised."

He adds: "Oran and his team try to get as deep as possible and close as possible to the root [of the compromise] and expose the root." 

"We have to be as close as possible to stop that [fraud]."

Featured Resources

How to choose an AI vendor

Five key things to look for in an AI vendor

Download now

The UK 2020 Databerg report

Cloud adoption trends in the UK and recommendations for cloud migration

Download now

2021 state of email security report: Ransomware on the rise

Securing the enterprise in the COVID world

Download now

The impact of AWS in the UK

How AWS is powering Britain's fastest-growing companies

Download now

Recommended

Nigerian cyber criminals target Texas unemployment system
cyber security

Nigerian cyber criminals target Texas unemployment system

27 May 2021
Hackers use open source Microsoft dev platform to deliver trojans
Security

Hackers use open source Microsoft dev platform to deliver trojans

14 May 2021
Ransomware criminals look to other hackers to provide them with network access
ransomware

Ransomware criminals look to other hackers to provide them with network access

17 Jun 2021
CVS Health data breach leaves a billion records exposed
data protection

CVS Health data breach leaves a billion records exposed

16 Jun 2021

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

16 Jun 2021
Ten-year-old iOS 4 recreated as an iPhone app
iOS

Ten-year-old iOS 4 recreated as an iPhone app

10 Jun 2021
What is HTTP error 400 and how do you fix it?
Network & Internet

What is HTTP error 400 and how do you fix it?

16 Jun 2021