Taking on the fraudsters

If you want to stop cyber criminals, it pays to get to know them...

It takes a lot of time to build up trust with these criminal. Analysts have spent years in the chat rooms gaining the confidence of the fraudsters. But it is not an easy task. The trouble with IRC is that aliases are not persistent. A criminal can have one name one day and the next a totally different one. The analyst can piece together enough information to spot the regulars, even if the names change.

Karmi says that criminals try to buy from people they trust or build up a good reputation. But, because nicknames can be changed at will on these channels, building that reputation or gaining trust is more difficult. 

As the internet has grown up, so have the criminals. IRC is used by criminals as a basic way of connecting and talking to each other. Eventually though, they find more efficient ways of doing business. Forums have sprung up to host these communities. These forums hide in the darknet, using the TOR network - something that is not easily accessible by normal internet users.

The forums benefit the fraudsters. According to Karmi, they act as a platform to enable the sharing of knowledge between other fraudsters about specific methods as well as helping them solve each other's problems.

"This is a much more convenient place to sell your ware because here they just shout and there you can have a much more convenient way to publicise yourself," he says.

"The first thing you can see on a forum is that they [the fraudsters] have banners, they advertise." Karmi adds that on the forums criminals can maintain a single identity that they can build up to gain a good reputation. This helps them sell their wares.

While criminals consult with each other on how to commit crime, they are not the only ones to benefit. Karmi says the people hosting these forums also get a piece of the action.

"They offer escrow services and other ways to get a nice percentage of everyone's fraud," he adds.

"Just organising this service for fraudsters can be very beneficial even if you don't commit the crime yourself," he says of the people running criminal forums.

The criminal community organisers and their escrow services also combat a problem for criminals, mainly rippers. These are criminals that scam other criminals.

The people that run forums will hold onto money while a transaction goes through to prevent rippers from making off with money and leaving the criminal out of pocket. The people running the escrow service take their percentage.

These communities must realise that firms such as RSA are infiltrating them. Karmi warns that the communities themselves are more and more closing themselves off from the outside world to protect themselves. Gaining entry to them means having someone vouch for you, having recommendations from other people or having people responsible for you.

Getting in

Once on the inside, the analysts can start carrying out their work. Usually this involves getting a criminal to share some information on stolen cards. This helps in identifying a breach.

"We ask for a sample to see if they are the real deal. He'll send us a batch. If we can get a number of cards from a single batch, in most cases we can identify the single point of compromise, because we are trying to help identify the compromised merchant," says Karmi.

"Even if we get two cards from this single batch, then we can identify that both cards were used in, say a particular chain of shops. We then know that business is the common point of compromise," Cohen adds.

"Oren [Karmi] will then work with either our customers or different issuing banks to try help identify that common point of compromise. Then we can share intelligence about the merchant that has been compromised."

He adds: "Oran and his team try to get as deep as possible and close as possible to the root [of the compromise] and expose the root." 

"We have to be as close as possible to stop that [fraud]."

Featured Resources

How virtual desktop infrastructure enables digital transformation

Challenges and benefits of VDI

Free download

The Okta digital trust index

Exploring the human edge of trust

Free download

Optimising workload placement in your hybrid cloud

Deliver increased IT agility with the cloud

Free Download

Modernise endpoint protection and leave your legacy challenges behind

The risk of keeping your legacy endpoint security tools

Download now


Nigerian cyber criminals target Texas unemployment system
cyber security

Nigerian cyber criminals target Texas unemployment system

27 May 2021
Hackers use open source Microsoft dev platform to deliver trojans

Hackers use open source Microsoft dev platform to deliver trojans

14 May 2021

Most Popular

How to move Microsoft's Windows 11 from a hard drive to an SSD
Microsoft Windows

How to move Microsoft's Windows 11 from a hard drive to an SSD

4 Jan 2022
Microsoft Exchange servers break thanks to 'Y2K22' bug
email delivery

Microsoft Exchange servers break thanks to 'Y2K22' bug

4 Jan 2022
Synology DiskStation DS2422+ review: A cube of great capacity
network attached storage (NAS)

Synology DiskStation DS2422+ review: A cube of great capacity

10 Jan 2022