the internet’s underground economyc.ymcdn.com/sites/ adaptive darknet slide 4 bbs bulletin board...

The Internet’s Underground Economyby MainNerve

MainNerve Adaptive DarkNet Slide 2

Shocking StatisticsShocking StatisticsShocking StatisticsShocking Statistics

“In the last 24-hours, $150 million of

measurable damage has been done to

enterprise networks by trojans and worms.”

-- Computerworld Article, January 16th, 2004

Some of this money may be yours.

The ProblemThe ProblemThe ProblemThe Problem

1. Fully 61% of U.S. computers are infected with

malware.

2. Data breaches cost companies an average of $197 per record in 2007,

according to a study by the Ponemon Institute. The average cost of a data

breach was $6.3 million, up from $4.8 million in 2006.

These figures are largely based on self-reporting,

which is often suspect. Given the enormous quantity

of data witnessed on numerous Internet Relay

Chat (IRC) channels, both numbers may beboth numbers may beboth numbers may beboth numbers may be

underreportedunderreportedunderreportedunderreported.



BBSBBSBBSBBS

Bulletin Board System – First steps of mass

communication on the internet. First steps of

bartering system.

IRCIRCIRCIRC

Internet Relay Chat (IRC)Internet Relay Chat (IRC)Internet Relay Chat (IRC)Internet Relay Chat (IRC) is a form of real-time Internet chat or synchronous conferencing. It is mainly designed for

group (many-to-many) communication in discussion forums

called channels, but also allows one-to-one communication

and data transfers via private message.

IRC gives users a way to trade more efficiently.IRC gives users a way to trade more efficiently.IRC gives users a way to trade more efficiently.IRC gives users a way to trade more efficiently.


The NumbersThe NumbersThe NumbersThe Numbers

The following table illustrates the number of cards

compromised in three months for a single IRC server!

Month Amex Visa MasterCard Discover

2005/10 70 28942 11820 1064

2005/11 51 31932 13218 1214

2005/12 89 26492 10662 1079


Black InkBlack InkBlack InkBlack Ink

Even exclusive, rare credit cards will be stolen. One can just imagine the Even exclusive, rare credit cards will be stolen. One can just imagine the Even exclusive, rare credit cards will be stolen. One can just imagine the Even exclusive, rare credit cards will be stolen. One can just imagine the

purchasing power <A> has with this card:purchasing power <A> has with this card:purchasing power <A> has with this card:purchasing power <A> has with this card:

<A> I got an american express black card the other day

<A> weird huh?

 ... black card?

 i thought it wa blue

<A> go look it up

<A> its called the centurion

 first link has “black is beautiful” in the thingy

 and it’s talking about the card

Online Banking Online Banking Online Banking Online Banking

The miscreants are avid proponents of online banking, particularly other The miscreants are avid proponents of online banking, particularly other The miscreants are avid proponents of online banking, particularly other The miscreants are avid proponents of online banking, particularly other

people’s online bank accounts.people’s online bank accounts.people’s online bank accounts.people’s online bank accounts.

<A> how much would a lets say 40k

 with all informations 40k ??

 Fulls

<A> user name and pass

<A> 200-300 an account ?

 variable between 250 $ =====> 500 $

<A> ill retire in a month

How Much Money is Exchanged in 24hrsHow Much Money is Exchanged in 24hrsHow Much Money is Exchanged in 24hrsHow Much Money is Exchanged in 24hrs

<A> Total: $310.64—A is from Country A

 Total $930,391.94—B is from Country B

<C> Total $216,934.93

<C> Grand Total $1,803.59—C is from Country C

<D> Total: $49.00—D is from the Country D

<E> Total $258,602.27—E is from Country E

<F> Total $60.07—F is from the Country D

<G> Grand Total $1,987.97—G is from Country F

<H> Total $48,096.65—H is from Country A

 Total $33,332.76—I is from Country B

And the Grand Total Is… at least

US$1,599,335.80

How much is your Identity worth?How much is your Identity worth?How much is your Identity worth?How much is your Identity worth?

United States based credit cards with a card verification number United States based credit cards with a card verification number United States based credit cards with a card verification number United States based credit cards with a card verification number

were available for purchase on underground economy servers were available for purchase on underground economy servers were available for purchase on underground economy servers were available for purchase on underground economy servers

for between $1 and $6 USD.for between $1 and $6 USD.for between $1 and $6 USD.for between $1 and $6 USD.

An identity (including a U.S. bank account, credit card, date of An identity (including a U.S. bank account, credit card, date of An identity (including a U.S. bank account, credit card, date of An identity (including a U.S. bank account, credit card, date of

birth and government issued identification number) was birth and government issued identification number) was birth and government issued identification number) was birth and government issued identification number) was

available for between $14 and $18 USD.available for between $14 and $18 USD.available for between $14 and $18 USD.available for between $14 and $18 USD.


Where are they?Where are they?Where are they?Where are they?

During the last six months of 2007, 51% of well

known underground economy servers were

located in the United States, the highest total

of any country.


Help WantedHelp WantedHelp WantedHelp Wanted

Many Job opportunities exist in the

underground, some of which are:

1.Buyers, Sellers and Traders

2.Cashiers

3.Drops

4.Spammers

5.1337 Mercs, Ninjas, Dudes with Powers, etc.


Buyers, Sellers and TradersBuyers, Sellers and TradersBuyers, Sellers and TradersBuyers, Sellers and Traders

BuyersBuyersBuyersBuyers – Persons looking to buy actual goods for use,

i.e. Credit Cards for the purpose of cashing them out.

SellersSellersSellersSellers - People with a sought after commodity

TradersTradersTradersTraders – People who buy with the intent of trading for

something else. Sometimes many, many times over.


Buyers and SellersBuyers and SellersBuyers and SellersBuyers and Sellers

Some miscreants willingly list their prices, such as <A> in the following:Some miscreants willingly list their prices, such as <A> in the following:Some miscreants willingly list their prices, such as <A> in the following:Some miscreants willingly list their prices, such as <A> in the following:

<A> Sell Cvv US(1$ each),Uk(2$ each)Cvv with SSN & DL(10$ each)and

ePassporte Account with 560$ in acc(50$),Hacked Host(7$),Tut Scam CC

Full in VP-ASP Shop(10$).shopadmin with 4100 order(200$), Tool Calculate

Drive Licsence Number(10$).... I’m sleeping. MSG me and I will reply U as

soon as I can !

CashiersCashiersCashiersCashiers

Money LaunderersDemand is high for these miscreants, and they never ask questions. When a

cashier attempts to clean out a bank account (50% always goes to the

cashier) on behalf of another miscreant, that cashier must have some

semblance of legitimacy with the bank.

The biggest challenges to the miscreants aren’t IDS,

firewalls, 0day creation, or any other technological

hurdle. The biggest challenge is where to cash the

checks.


Cashed outCashed outCashed outCashed out

Cashing out these accounts often must be

accomplished from within the country where

the account resides.

Enter the cashier, the miscreant who will cash

out the account.


Gender BasedGender BasedGender BasedGender Based

A new skill set is born: gender-based cashiers. There

are plenty of female miscreants, willing to clean out

accounts both virtually and physically. When the

market makes a demand, the demand-based

underground economy responds:

<A> i need who can confirmer westernunion female visa

 speaking of wu, who can do females?

The Pick upThe Pick upThe Pick upThe Pick up

Although slightly obfuscated, this example is quite real:Although slightly obfuscated, this example is quite real:Although slightly obfuscated, this example is quite real:Although slightly obfuscated, this example is quite real:

<A> Western Union Money Transfer? Pick Up Notification.

<A> Dear X X,

<A> Thank you for using the Western Union Money Transfer

<A> Your money transfer has been picked up by the receiver.

Following is a summary of your transaction.

<A> XXXXXXX508

<A> Date of Order:

<A> 09/15/2005

<A> Amount Sent:

<A> $900.00

<A> Receiver Name:

<A> X X

<A> Status:

<A> Picked Up

<A> write me if u want me to cashout creditcard for you throgh westernunion

Professionals Only Need Respond!Professionals Only Need Respond!Professionals Only Need Respond!Professionals Only Need Respond!

 I have Bank drops for Quick Cashout in(Hsbc,Wells, Lloyds,

Citibank,Boa, Barclays,Woolwich,rbc) Contact me now for Fast Cash

out..Deal is 50% each

<D> Hello,I’m a professional MTCn confirmer if you have any order pending

you can IM me,i have done so many transaction for different people

and also i made different kind of transfer into account such as BAO,

WELS,HSBC any body with full infos for this account who wanna transfer

should IM me now and also i have BIN,EBAY SCAM PAGES,PHP bulk mailer

if anyone is interested IM me all rippers keep off.NOTE I VERIFY

FIRST.................

Tangible GoodsTangible GoodsTangible GoodsTangible Goods

It is also a reality that miscreants actually buy physical goods in the It is also a reality that miscreants actually buy physical goods in the It is also a reality that miscreants actually buy physical goods in the It is also a reality that miscreants actually buy physical goods in the

underground economy:underground economy:underground economy:underground economy:

<A> Sell cc’s full info with PIN (debit, credit), COB’s Laptops (alienware

area51 = 500$, Dell inspiron 6100=400$, Scam pages (ebay, aol, paypal,

egold, escrow, earthlink), track2gen (.exE) support 857 bins, 2000 bins

(update bins), root. Payment (wu or e-gold).

DropsDropsDropsDrops

Anyone with a legitimate shipping location and

an entrepreneurial attitude can make $$ in

the UE.

• Shipping docks

• Moving Trucks

• Commercial Mail Boxes (MailBoxes Etc.)

• Homes

• Businesses


NonNonNonNon----Physical DropsPhysical DropsPhysical DropsPhysical Drops

The second definition of a drop is a bank account bank account bank account bank account

through which money can be moved.through which money can be moved.through which money can be moved.through which money can be moved.

The drop owner almost always receives 50% of the take,

although competition in this space is reducing that

percentage.


Open to all NationsOpen to all NationsOpen to all NationsOpen to all Nations

The list of nations

in which <A> will do business is both interesting and impressive:

<A> I NEED DROPS FOR PHONES AND PDA’s in Singapore

Australia Austria Belgium Brunei Darussalam Canada China

Denmark Finland France Germany Greece Hong Kong

Indonesia India Ireland Israel Italy Japan Korea (South)

Luxembourg Macau Malaysia Netherlands New Zealand

Norway Portugal Saudi Arabia Spain Sweden Switzerland

Taiwan Thailand United Arab Emirates United Kingdom United

States

SpammersSpammersSpammersSpammers

The miscreant spammers are some of the most highly paid The miscreant spammers are some of the most highly paid The miscreant spammers are some of the most highly paid The miscreant spammers are some of the most highly paid

individuals in the underground.individuals in the underground.individuals in the underground.individuals in the underground.

WHY?WHY?WHY?WHY? — spam works, and yields high profits.

Spammers drive the economy of the proxy creators, malware Spammers drive the economy of the proxy creators, malware Spammers drive the economy of the proxy creators, malware Spammers drive the economy of the proxy creators, malware

creators, etccreators, etccreators, etccreators, etc....


Hacking for HireHacking for HireHacking for HireHacking for Hire

<A> can anyone screw up a PHP website, I am willing to <A> can anyone screw up a PHP website, I am willing to <A> can anyone screw up a PHP website, I am willing to <A> can anyone screw up a PHP website, I am willing to

pay who will do thatpay who will do thatpay who will do thatpay who will do that

Powers:Powers:Powers:Powers:

• BOTPOWER! If you have botpower you have enough machines BOTPOWER! If you have botpower you have enough machines BOTPOWER! If you have botpower you have enough machines BOTPOWER! If you have botpower you have enough machines

in your control (BOTnet) to take down a large network. Your in your control (BOTnet) to take down a large network. Your in your control (BOTnet) to take down a large network. Your in your control (BOTnet) to take down a large network. Your

skills are in high demand!skills are in high demand!skills are in high demand!skills are in high demand!

• Ddos Power! Like BOT power but Ddos could be cause by Ddos Power! Like BOT power but Ddos could be cause by Ddos Power! Like BOT power but Ddos could be cause by Ddos Power! Like BOT power but Ddos could be cause by

anything from BOTnets to access to a companies router or anything from BOTnets to access to a companies router or anything from BOTnets to access to a companies router or anything from BOTnets to access to a companies router or

better yet an ISP’s.better yet an ISP’s.better yet an ISP’s.better yet an ISP’s.

• 1337 skilz 1337 skilz 1337 skilz 1337 skilz –––– Ability to Hack Systems, Software, or PeopleAbility to Hack Systems, Software, or PeopleAbility to Hack Systems, Software, or PeopleAbility to Hack Systems, Software, or People

• Many other PowersMany other PowersMany other PowersMany other Powers


What is a BotNet?What is a BotNet?What is a BotNet?What is a BotNet?

• A botnetbotnetbotnetbotnet is a network of compromised machines

(botsbotsbotsbots) remotely controlled by an attacker.

B otKey

U ncompromised Host

B

AttackerCommand & Control

B

B

B

U

UCommands

Commands

Attacks

Attacks

The Larger your BotNet is

the more your skills are

in demand. This gives

rise to a thriving service

oriented economy in the

underground.

How Does a Machine Get “pwned”?How Does a Machine Get “pwned”?How Does a Machine Get “pwned”?How Does a Machine Get “pwned”?

How Long is a Rope?


“fulz” means FULLS!“fulz” means FULLS!“fulz” means FULLS!“fulz” means FULLS!

When a miscreant offers up a “full” or “full info” for sale

or trade, that miscreant will have the goods.

<A> Name: Jason XXX

<A> Address 1: XXX S University Blvd.

<A> City: XXX

<A> State: OK

<A> Zip: XXXXX

<A> Country: usa

<A> Home Phone: (XXX) XXX-X991 Ext:

<A> Date Of Birth: 12/8/19XX

<A> Social Security Number: XXXX32199

<A> Mothers Maiden Name: Reaves

<A> Drivers License Number: XXXX24766

<A> Drivers License State: OK

<A> Secret Question: What is your pet’s name?

<A> Secret Question Answer: Joad


<A> Name On Card: Jason XXX<A> Credit Card Number: 4492XXXXXXXX8831<A> Credit Card Brand: Visa<A> Credit Card Type: Credit<A> EXP Date: 4/2006<A> Credit Card PIN Number:<A> Card ID Number: X46<A> Card Bank Name: OU Federal Credit Union<A> Card 1800 Number: 1800XXXXX9<A> eBay User ID: XXX<A> eBay Password: XXXXXX<A> eBay Password: XXXXXX<A> ***************<A> ***************

A Story about “Cred”A Story about “Cred”A Story about “Cred”A Story about “Cred”The tale goes something like this: Miscreant <A> advertises a need for roots, which are The tale goes something like this: Miscreant <A> advertises a need for roots, which are The tale goes something like this: Miscreant <A> advertises a need for roots, which are The tale goes something like this: Miscreant <A> advertises a need for roots, which are

compromised UNIX systems on which someone has obtained root access. disappears for compromised UNIX systems on which someone has obtained root access. disappears for compromised UNIX systems on which someone has obtained root access. disappears for compromised UNIX systems on which someone has obtained root access. disappears for

a while to have a private conversation with <A>, which is the norm for those finalizing deals. a while to have a private conversation with <A>, which is the norm for those finalizing deals. a while to have a private conversation with <A>, which is the norm for those finalizing deals. a while to have a private conversation with <A>, which is the norm for those finalizing deals.

 then pastes that conversation into the open trading channel as a warning to other then pastes that conversation into the open trading channel as a warning to other then pastes that conversation into the open trading channel as a warning to other then pastes that conversation into the open trading channel as a warning to other

miscreants:miscreants:miscreants:miscreants:

 i rember when u tried to sell me a root scanner

 lol were u going to try scam me

 yeah

 coz u told me last weekk u had a private root scanner

<A> i need it

 you were going to try scam me

 A is a scammer so beware

 1 day he trys selling me a root scanner next day he needs roots

 so beware

Rest assured that a great many miscreants will now avoid conducting businessRest assured that a great many miscreants will now avoid conducting businessRest assured that a great many miscreants will now avoid conducting businessRest assured that a great many miscreants will now avoid conducting business

with <A>.with <A>.with <A>.with <A>.

r u 4 rel?r u 4 rel?r u 4 rel?r u 4 rel?

This proves to any potential consumers that the miscreant has the goods and can

deliver. <A> begins by sharing some data from one of his collections of

compromised accounts:

<A> Account Summary

<A> For optimal viewing of the Wells Fargo Web site, we recommend that

you enable CSS

<A> Cash Accounts

<A> Account Account Number Available Balance

<A> CHECKING 367-3157xxx $425.38

<A> Total $425.38

<A> Credit Accounts

<A> Account Account Number Outstanding

<A> Balance Available

<A> Credit

<A> VISA ( View Spending Report ) xxxx-xxxx-xxxx-9556 -$80.82

$5,900.00

<A> Total -$80.82 $5,900.00

<A> To end your session, be sure to Sign Off

Warped Sense of Right and WrongWarped Sense of Right and WrongWarped Sense of Right and WrongWarped Sense of Right and Wrong

Here another miscreant highlights the trials of those who bring in a steady Here another miscreant highlights the trials of those who bring in a steady Here another miscreant highlights the trials of those who bring in a steady Here another miscreant highlights the trials of those who bring in a steady

stream of illstream of illstream of illstream of ill----gotten revenue:gotten revenue:gotten revenue:gotten revenue:

<A> my gf just ask me

<A> how u get somuch money

<A> are u a dealer

<A> >_<

 lol

<A> lol i told my gf

<A> iam a hacker and steal money from americans

<A> and she started to laugh :D

Stealing is OK if the person lives in a Country you don’t like.Stealing is OK if the person lives in a Country you don’t like.Stealing is OK if the person lives in a Country you don’t like.Stealing is OK if the person lives in a Country you don’t like.

Technical Prowess Not RequiredTechnical Prowess Not RequiredTechnical Prowess Not RequiredTechnical Prowess Not Required

In general, a miscreant can conduct online crime with a

Web browser, IRC client, and merely the ability to use

both.


ConclusionConclusionConclusionConclusion

<A> JOIN #[ CHANNEL ] THE BEST HACKER CHANNEL!!! JOIN US

..!!!U CAN BECOME HACKER AND RICH...!!!!

the internet’s underground economyc.ymcdn.com/sites/ adaptive darknet slide 4 bbs bulletin board...

Documents