Content warning: Because of the nature of some of the activities we discovered, this series of articles contains content that some readers may find upsetting. This includes profanity and references to drugs, drug addiction, gambling, pornography, violence, arson, and sex work. These references are textual only and do not include images or videos.
Following on from the third chapter of our five-part investigation into what cybercriminals do with their earnings, we now examine various forms of business and income generation that are, in threat-actor parlance, ‘black’ (illegal).
We acknowledge that legality can vary depending on jurisdiction. However, the breadth and depth of these activities are such that we have to categorize them somehow, and using the threat actors’ own categories is a logical if imperfect choice.
Key findings of Part 4
- As in our previous reports, we identified a variety of business interests in this category (outright criminal activities, dubbed ‘black’ on the forums)
- In some cases, the criminal business interests we discovered were relatively low-level: fraud, pyramid schemes, and fake goods
- However, other discussions appeared to relate to more serious criminal activity, including counterfeit gold and currency, controlling prostitution, cultivating marijuana, tax evasion, and insider trading
- We also noted that reinvesting in cybercrime can be an attractive option for threat actors with money to spend. We observed several investment opportunities and proposals relating to cybercrime
- In some cases, forum discussions revealed information and images that could potentially be used to track, geolocate, and/or identify threat actors.
Fraud and theft
Bots
We observed a low-level fraud scheme involving the creation of multiple accounts to perform “tasks” under a prominent company’s rewards program. The threat actor advised using an “automation extension” to perform the tasks, and redeeming the earnings as gift cards. They also provided advice on avoiding the detection of multiple accounts.
Pyramid schemes
We observed several threads relating to pyramid schemes and scams, including:
- “A remarkable method that allows you to earn a substantial 3% interest per day on your base amount…the entire investment and withdrawal process is conducted in USDT [the Tether stablecoin]…potentially allowing you to keep your earnings without the burden of taxes”
- An investment opportunity in a pyramid scheme (i.e., to help operate the scheme, not an attempt to sucker forum users into it)
- Several attempts to actually sucker forum users into pyramid schemes/multilevel marketing programs – one “in the online training niche,” another that the advertiser noted was “a well-known pyramid…but it really works,” and an old-fashioned get-rich-quick scheme.
Figure 1: A threat actor tries to recruit other users to an “affiliate program…[for] anyone who wants to make money selling popular educational products”
Synthetic identities
We noted several guides on creating ‘CPNs’ (Credit Privacy Numbers) to establish synthetic identities (sometimes known as ‘ghosts’) to apply for loans and credit cards, buy cars, and launder money – or to sell to people as part of fraud campaigns.
Figure 2: Part of a detailed guide on CPNs on a criminal forum
Refunds
One threat actor described a low-level scheme to fraudulently claim refunds from sports apparel companies, by claiming that deliveries didn’t arrive. The user outlined the scheme, providing advice on:
- How to behave on the site when ordering
- The optimal value of goods to order
- How to report the ‘failed’ delivery
- How to socially engineer customer support staff
- How to mix legitimate and fraudulent orders to avoid “burning” your address and account.
Figure 3: A threat actor outlines a low-level refund scam
Classified ads
Another threat actor provided a guide to a low-level scam on Avito (a Russian classified ads marketplace), whereby users post fraudulent listings, receive money from a buyer, but don’t send the item and instead get the buyer banned from the platform. The post includes advice on the scheme, how to create an attractive listing, and how to set a price.
Sex work
Laundering
In a thread listing several ideas for money laundering, a threat actor suggested: “Recruit (real or fake) escorts to send you cash of your own money after they declared their ‘income’ from sex work…the prostitute idea is in the Canadian context since prostitution is legal to sell, not buy.” Another idea from the same user: “Pretend you’re a hooker yourself.”
In a similar vein, a user claiming to be from Australia noted in another thread that since prostitution is legal there, they had the idea of “pretending to be an escort to clean cash.”
Figure 4: A threat actor proposes pretending to be a male escort to launder money
Controlling prostitution
A threat actor suggested creating a “job site for escort ladies” – where “serious escort agencies…even brothels” can connect with “women who want to go to business, but there is no ticket there for the train from the village or for the plane to Dubai or anything else.”
Some users picked minor holes in this plan (competitors, difficulties in promoting traffic to the site), with one arguing: “Why such a trouble, if you really want to do pussy, you make webcam studios.”
Figure 5: A threat actor proposes creating a “job site for escort ladies,” sparking a long discussion about sex work
One user said: “I have the opportunity to set up my own brothel in Sochi…the Sochi cops are negotiable and won’t take very much…But you have to invest a ton.”
In the same thread, we also saw the following disturbing comment:
The ladies will need to be trampled down, instilled in them with the idea that they are nobody and nothing and only under your protection can they somehow earn something. This will be especially evident in the prostitution business, where the simplest and most traditional way of controlling female staff is to make them drug dependent.
Stolen and counterfeit goods
Counterfeit gold
A threat actor sought a business partner with “an active eBay seller account” because they “have a large supply of counterfeit gold and have been selling it…the problem is…opening up new accounts.”
Figure 6: A threat actor seeks help selling “a large supply of counterfeit gold,” which they claim to have already been doing for a while
Fake goods
A threat actor sought advice on how to fake the country of origin for cheaply bought Chinese goods that they planned to sell online. Along similar lines, we noted a scheme to create an online shop and “sell high class fakes.” Other users advised them to “try to go through moderation of merch as second hand…they will not ask for invoices.” The same user provided extensive detail on their own experiences.
Ancient artifacts
In by far the most bizarre thread we discovered, a threat actor claimed to have “found some pharaonic and coptic monuments [i.e., Ancient Egyptian artifacts]…only two people know about its location. We want to sell it, but we don’t know how…to handle the shipment and the right place to sell in an auction (black market).” The user uploaded two photos of what appeared to be a sarcophagus lying on bubble wrap.
Figure 7: A threat actor claims to have “some pharaonic and coptic [sic] monuments” that they want to “sell in an auction (black market)”
Some users expressed interest in buying; others recommended means of verifying age/authenticity. One user claimed that they had been to Egypt for a similar job and could put the sellers in touch with a legitimate buyer “who will buy it immediately after his expert confirms.”
Drugs
Cannabis
One threat actor stated that “we have direct business relations with an American company that legally grows and sells marijuana in the US.” The user noted that the business is looking for lead generators and investors, with lead generators getting 10% of profit (“profit is usually $1000-$4000 per day”).
We also saw a guide on how to grow 25kg of cannabis in 4 months. The user outlined costs, including $7,000 for hydroponics, $1,500 for fertilizer, $12,000 to rent a house, and $1,700 a month for lighting. “The average price of 25 kilograms of good grass wholesale is $50,000…selling is easy and safe…never interesting to the cops – in court you will have to prove the fact of the sale.”
Figure 8: A threat actor posts a tutorial on growing cannabis, the equipment needed, and expenditure
Drugs and carders
As noted in the first article in this series, we noted an admission from a threat actor that they have given cocaine and drugs to cybercriminals, in exchange for stolen credit card details.
Figure 9: A criminal forum user admits to giving cybercriminals “cocaine or drugs” in exchange for stolen credit card details
Tax evasion
We observed a detailed discussion on tax evasion methods, including specific guidance on tax evasion versus money laundering; using “a corrupt, foreign bank” versus false reporting; hiring “specialized lawyers” and more.
Figure 10: Part of a detailed discussion on tax evasion on a criminal forum
Insider trading
One threat actor claimed to have an insider in a prominent technology firm, who recommended investing big money after “the company made some major changes…they should double their stock price in 12-16 months.”
Figure 11: A threat actor claims to have an insider within a prominent technology company
Another threat actor advised others “not to gamble on the stock market…getting inside information is the only way…if hacking groups give a heads up on which company’s documents they’re going to leak you can buy put contracts on the company and profit on stock going down.”
In the same vein, another user asked about shorting stocks of companies affected by ransomware attacks, and wondered if ransomware operators have considered doing this. Most users said this was viable, although others were more doubtful (“You’ll attract regulatory authorities for insider trading”).
In the same thread, threat actors also discussed other kinds of attack (DDoS and website defacements), including their possible impacts on stock price and whether it would be worth shorting the stock. A user suggested using SEO, deepfakes, and AI-generated articles to drive down the stock prices of attacked companies further.
On another thread, a threat actor claimed to “sell insider information well in advance of the big moves in the market for some cryptocurrencies. I usually work with investment companies, but some of you have a decent amount of cryptocurrencies, and I believe that I can be of great help to you.”
Reinvesting in cybercrime
During our research, we noted many threat actors asking their peers what they should invest their money in, and replies such as “invest it in the business that brought you this income. It’s obvious.” Reinvesting in cybercrime may be attractive to threat actors who have ‘paid their dues’ and profited – they can invest in a new project in a familiar field, and reap the rewards while being exposed to less risk.
Malware and phishing
We observed several investment opportunities in in-progress/in-development malware and campaigns, including an investment opportunity ($1,000-2,000) in an Android botnet, with the ability to steal credit card information, spam contacts, forward incoming calls, launch custom apps, and intercept incoming SMS messages. A screenshot was included.
We also noted:
- An investment opportunity ($3,000-5,000) to open a store for botnet logs (i.e., stolen data from infostealers)
- An investment opportunity ($5,000) in a Telegram phishing tool/campaign
- A vague proposal relating to an MT103 (a protocol used in SWIFT) staging server (“I’m looking for cooperation with a dark web developer…we have a deal for 10 million dollars”).
Figure 12: A threat actor seeks investment to create their own “botnet logs store”
Figure 13: A screenshot of a Telegram phishing platform, included as part of a pitch to potential investors on a criminal forum
DDoS
We observed an opportunity (ROI: 30% of profit) to invest in a year-old DDoS-related project (the user insisted that this was not a scam, pointing to their reputation and lack of arbitration complaints, and the fact that they were willing to discuss conditions privately).
SIM-swapping
We observed an investment opportunity (ROI: 20% of each cashout) in SIM-swapping. “I have crypto logins and bank logins with money, my last step is sim-swapping.”
Crowdfunding
One threat actor proposed launching a crowdfunding platform on Tor “for gray/black topics.” Other users appeared to be keen in principle, but noted that the platform would need to both ensure anonymity and prevent scams. One user suggested smart contracts as a possible solution.
Figure 14: A threat actor proposes a “darknet” crowdfunding platform for criminal activities, likening the principle to Kickstarter
Counterfeit currency
A threat actor proposed a scheme whereby they would provide other users with counterfeit US currency to launder, before giving the OP a share. The OP suggested $400 (4 $100 bills) to start, later rising to thousands. The counterfeit bills allegedly had multiple serial numbers, watermarks, security strips, optically variable ink, and passed the “pen test” (a method to detect counterfeit bills via a special ink), but did not work in ATMs and needed to be aged and treated before use.
Another user outlined a plan for counterfeit bills, and provided details on their digital and physical OPSEC measures. The latter included:
- Never using the bills in retail stores, only at physical meet-ups (e.g., Craigslist transactions)
- Going from city to city
- Never using money for trivial things like hotels, food, gas
- Selling the illicitly acquired items in different countries
Figure 15: A threat actor goes into significant detail regarding their plan to distribute counterfeit bills
Possible assault
Finally, we observed a particularly disturbing thread, although it was (probably deliberately) very vague. A threat actor asked the cryptic question: “Has anyone encountered or perhaps heard of people being intimidated by voices? A person is mixed with some substance and then he begins to have severe problems.”
Figure 16: A threat actor posts an unusual question on a criminal forum
Another user responded:
You can use a ‘truth serum’ (scopolamine or analogues, available on the darknet)…the person himself will give up everything and tell you everything. In real life, I saw a successful theft using scopolamine, the person did everything he was asked to do – he took the documents and laptop out of the house, he withdrew money from the ATM, he himself entered passwords in banking. Be careful about dosing.
Scopolamine (prescribed to manage, among other things, nausea and vomiting caused by motion sickness or surgical anesthesia) is known to have been used for theft, and allegedly also to facilitate kidnappings and sexual assaults.
Over the past 4 articles, we’ve explored a wide array of business interests, ranging from the innocuous (digitizing VHS tapes and creating a mobile fitness app) to the downright criminal (interest in running a brothel, counterfeit bills, growing cannabis) and pretty much everything in between. But what does this mean for the cybersecurity industry, law enforcement, and society as a whole?
In the concluding chapter of this series, we’ll examine the implications, challenges, and opportunities of threat actors moving beyond the cyber kill chain.